- Advisory ID
- Affected versions
- MBS1 x86_64
Updated wordpress package fixes security vulnerabilities:

A denial of service flaw was found in the way WordPress, a blog tool
and publishing platform, performed hash computation when checking
the password for password-protected blog posts. A remote attacker could
provide a specially crafted input that, when processed by the password
checking mechanism of WordPress, would lead to excessive CPU consumption

Inadequate SSRF protection for HTTP requests where the user can provide
a URL can allow for attacks against the intranet and other sites. This
is a continuation of work related to CVE-2013-0235, which was specific
to SSRF in pingback requests and was fixed in 3.5.1 (CVE-2013-2199).

Inadequate checking of a user's capabilities could allow them to
publish posts when their user role should not allow for it; and to
assign posts to other authors (CVE-2013-2200).

Inadequate escaping allowed an administrator to trigger a cross-site
scripting vulnerability through the uploading of media files and

The processing of an oEmbed response is vulnerable to an XXE

If the uploads directory is not writable, error message data returned
via XHR will include a full path to the directory (CVE-2013-2203).

Content Spoofing in the MoxieCode (TinyMCE) MoxiePlayer project

Cross-domain XSS in SWFUpload (CVE-2013-2205).
49ddd0392d475a3dbf886156127e279c mbs1/x86_64/wordpress-3.5.2-1.mbs1.noarch.rpm
28910991fb4994c1afcc6c33768c09fd mbs1/SRPMS/wordpress-3.5.2-1.mbs1.src.rpm
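
For the SSRF item above, an added example (not part of the advisory and not WordPress's own code) of vetting a user-supplied URL before the server fetches it. The function name `vet_outbound_url`, the injectable resolver and the sample hosts are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not WordPress code.
// Vets a user-supplied URL before the server fetches it.
// Returns ['url' => ..., 'ip' => ...] on success, or null if rejected.
function vet_outbound_url(string $url, ?callable $resolver = null): ?array
{
    $resolver = $resolver ?? fn(string $h) => gethostbynamel($h) ?: []; // IPv4 only
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Only plain web schemes; no file://, gopher://, ftp://, etc.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Embedded credentials (user:pass@host) are a parser-confusion risk.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    $host = trim($parts['host'], '[]');   // strip IPv6 brackets
    // A literal IP needs no lookup; a name is resolved exactly once.
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : $resolver($host);
    if (!$ips) {
        return null;
    }
    // Reject if ANY address is private, loopback, link-local or reserved.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return null;
        }
    }
    // Caller should connect to this IP (not re-resolve) to avoid DNS rebinding.
    return ['url' => $url, 'ip' => $ips[0]];
}

// Constructed sample data: a fake resolver and test URLs.
$fakeDns = fn(string $h) => ['intranet.example' => ['10.0.0.5'],
                             'blog.example' => ['93.184.216.34']][$h] ?? [];
foreach (['http://blog.example/feed', 'http://intranet.example/admin',
          'http://127.0.0.1:8080/', 'http://169.254.169.254/latest/',
          'file:///etc/passwd', 'http://[::1]/'] as $u) {
    printf("%-40s %s\n", $u, vet_outbound_url($u, $fakeDns) ? 'allow' : 'reject');
}
```

Only the first sample URL is allowed. The check runs on the resolved address rather than the hostname string, so a public-looking name that points at an internal address is still rejected.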