AVG-142

Package wordpress
Status Fixed
Severity High
Type multiple issues
Affected 4.7-1
Fixed 4.7.1-1
Current 4.9.6-1 [community]
Ticket FS#52555
Created Sun Jan 15 17:06:43 2017
Issue          Severity  Remote  Type
CVE-2017-5493  Low       Yes     Insufficient validation
An insufficient validation vulnerability has been discovered in wordpress leading to weak cryptographic security for multisite activation key.
CVE-2017-5492  Medium    Yes     Cross-site request forgery
A cross-site request forgery (CSRF) vulnerability has been discovered in wordpress in the accessibility mode of widget editing.
CVE-2017-5491  Low       Yes     Access restriction bypass
A vulnerability has been discovered in wordpress that allows posting via email, because the post-by-email feature checks against the mail.example.com placeholder when the default settings have not been changed.
CVE-2017-5490  High      Yes     Cross-site scripting
A cross-site scripting (XSS) vulnerability has been discovered in wordpress via theme name fallback.
CVE-2017-5489  Medium    Yes     Cross-site request forgery
A cross-site request forgery (CSRF) bypass has been discovered in wordpress via uploading a Flash file.
CVE-2017-5488  High      Yes     Cross-site scripting
A cross-site scripting (XSS) vulnerability has been discovered in wordpress via the plugin name or version header on update-core.php.
CVE-2017-5487  Medium    Yes     Access restriction bypass
A vulnerability has been discovered in wordpress exposing user data for all users who had authored a post of a public post type via the REST API. wordpress...
CVE-2016-10045 High      Yes     Arbitrary code execution
It has been discovered that the first patch of the vulnerability CVE-2016-10033 in PHPMailer was incomplete and could potentially still be used by...
CVE-2016-10033 High      Yes     Arbitrary code execution
A vulnerability has been discovered in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code...
Date         Advisory       Package    Description
15 Jan 2017  ASA-201701-22  wordpress  multiple issues
References
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
http://seclists.org/oss-sec/2017/q1/95