AVG-39 log
Package | wordpress |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 4.6.0-1 |
Fixed | 4.6.1-1 |
Current | 6.7.1-1 [extra] |
Ticket | None |
Created | Fri Sep 30 10:21:02 2016 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2016-7169 | High | Yes | Directory traversal | A path traversal vulnerability has been discovered in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team. |
CVE-2016-7168 | Medium | Yes | Cross-site scripting | A cross-site scripting vulnerability has been discovered via a malicious image filename, reported by SumOfPwn researcher Cengiz Han Sahin. A WordPress admin... |
Date | Advisory | Package | Type |
---|---|---|---|
30 Sep 2016 | ASA-201609-32 | wordpress | multiple issues |
References |
---|
https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/ http://www.openwall.com/lists/oss-security/2016/09/08/24 |