FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- multiple vulnerabilities

Affected packages
wordpress < 4.4.2,1
de-wordpress < 4.4.2
ja-wordpress < 4.4.2
ru-wordpress < 4.4.2
zh-wordpress-zh_CN < 4.4.2
zh-wordpress-zh_TW < 4.4.2

Details

VuXML ID fef03980-e4c6-11e5-b2bd-002590263bf5
Discovery 2016-02-02
Entry 2016-03-08

Samuel Sidler reports:

WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.

References

CVE Name CVE-2016-2221
CVE Name CVE-2016-2222
URL http://www.openwall.com/lists/oss-security/2016/02/04/6
URL https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/