AVG-39 log

Package wordpress
Status Fixed
Severity High
Type multiple issues
Affected 4.6.0-1
Fixed 4.6.1-1
Current 6.5.2-1 [extra]
Ticket None
Created Fri Sep 30 10:21:02 2016
Issue Severity Remote Type Description
CVE-2016-7169 High Yes Directory traversal
A path traversal vulnerability has been discovered in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.
CVE-2016-7168 Medium Yes Cross-site scripting
A cross-site scripting vulnerability has been discovered via a malicious image filename, reported by SumOfPwn researcher Cengiz Han Sahin. A WordPress admin...
Date Advisory Package Type
30 Sep 2016 ASA-201609-32 wordpress multiple issues