AVG-39 log

Package	wordpress
Status	Fixed
Severity	High
Type	multiple issues
Affected	4.6.0-1
Fixed	4.6.1-1
Current	6.5.2-1 [extra]
Ticket	None
Created	Fri Sep 30 10:21:02 2016

Issue	Severity	Remote	Type	Description
CVE-2016-7169	High	Yes	Directory traversal	A path traversal vulnerability has been discovered in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.
CVE-2016-7168	Medium	Yes	Cross-site scripting	A cross-site scripting vulnerability has been discovered via a malicious image filename, reported by SumOfPwn researcher Cengiz Han Sahin. A WordPress admin...

Issue

Severity

Remote

Type

Description

CVE-2016-7169

High

Yes

Directory traversal

A path traversal vulnerability has been discovered in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.

CVE-2016-7168

Medium

Yes

Cross-site scripting

A cross-site scripting vulnerability has been discovered via a malicious image filename, reported by SumOfPwn researcher Cengiz Han Sahin. A WordPress admin...

Date	Advisory	Package	Type
30 Sep 2016	ASA-201609-32	wordpress	multiple issues

References
https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/ http://www.openwall.com/lists/oss-security/2016/09/08/24