FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- multiple vulnerabilities

Affected packages
wordpress < 4.5.2,1
de-wordpress < 4.5.2
ja-wordpress < 4.5.2
ru-wordpress < 4.5.2
zh-wordpress-zh_CN < 4.5.2
zh-wordpress-zh_TW < 4.5.2


VuXML ID 3686917b-164d-11e6-94fa-002590263bf5
Discovery 2016-05-06
Entry 2016-05-10

Helen Hou-Sandi reports:

WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.


CVE Name CVE-2016-4566
CVE Name CVE-2016-4567