FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- cross-site scripting vulnerability

Affected packages
wordpress < 4.2.1,1
de-wordpress < 4.2.1
ja-wordpress < 4.2.1
ru-wordpress < 4.2.1
zh-wordpress-zh_CN < 4.2.1
zh-wordpress-zh_TW < 4.2.1

Details

VuXML ID ba4f9b19-ed9d-11e4-9118-bcaec565249c
Discovery 2015-04-27
Entry 2015-05-07
Modified 2015-09-15

Gary Pendergast reports:

WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnöne.

[source]

References

URL https://wordpress.org/news/2015/04/wordpress-4-2-1/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.