FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- multiple issues

Affected packages
fr-wordpress < 4.9.1,1
wordpress < 4.9.1,1
de-wordpress < 4.9.1
ja-wordpress < 4.9.1
ru_RU-wordpress < 4.9.1
zh_CN-wordpress < 4.9.1
zh_TW-wordpress < 4.9.1

Details

VuXML ID a2589511-d6ba-11e7-88dd-00e04c1ea73d
Discovery 2017-11-29
Entry 2017-12-01

wordpress developers reports:

Use a properly generated hash for the newbloguser key instead of a determinate substring.

Add escaping to the language attributes used on html elements.

Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.

Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

References

URL https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/