AVG-39

Package: wordpress
Status: Fixed
Severity: High
Type: multiple issues
Affected: 4.6.0-1
Fixed: 4.6.1-1
Current: 4.9.4-1 [community]
Ticket: None
Created: Fri Sep 30 10:21:02 2016

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-7169 | High | Yes | Directory traversal | A path traversal vulnerability has been discovered in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team. |
| CVE-2016-7168 | Medium | Yes | Cross-site scripting | A cross-site scripting vulnerability has been discovered via a malicious image filename, reported by SumOfPwn researcher Cengiz Han Sahin. A WordPress admin... |

| Date | Advisory | Package | Description |
|---|---|---|---|
| 30 Sep 2016 | ASA-201609-32 | wordpress | multiple issues |

References
https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
http://www.openwall.com/lists/oss-security/2016/09/08/24