FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- multiple vulnerabilities

Affected packages
wordpress < 4.5.3,1
de-wordpress < 4.5.3
ja-wordpress < 4.5.3
ru-wordpress < 4.5.3
zh-wordpress-zh_CN < 4.5.3
zh-wordpress-zh_TW < 4.5.3


VuXML ID bfcc23b6-3b27-11e6-8e82-002590263bf5
Discovery 2016-06-18
Entry 2016-06-25

Adam Silverstein reports:

WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönenand Divyesh Prajapati; revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen from the Wordfence Research Team; oEmbed denial of service reported by Jennifer Dodd from Automattic; unauthorized category removal from a post, reported by David Herrera from Alley Interactive; password change via stolen cookie, reported by Michael Adams from the WordPress security team; and some less secure sanitize_file_name edge cases reported by Peter Westwood of the WordPress security team.


CVE Name CVE-2016-5832
CVE Name CVE-2016-5833
CVE Name CVE-2016-5834
CVE Name CVE-2016-5835
CVE Name CVE-2016-5836
CVE Name CVE-2016-5837
CVE Name CVE-2016-5838
CVE Name CVE-2016-5839
FreeBSD PR ports/210480
FreeBSD PR ports/210581