Several vulnerabilities have been found in Wordpress, the popular blogging engine. CVE-2015-3429 The file example.html in the Genericicons icon font package and twentyfifteen Wordpress theme allowed for cross site scripting. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your installation. CVE-2015-5623 A cross site scripting vulnerability allowed users with the Contributor or Author role to elevate their privileges. The oldstable distribution (wheezy) is only affected by CVE-2015-5622. This less critical issue will be fixed at a later time. For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u2. For the unstable distribution (sid), these problems have been fixed in version 4.2.3+dfsg-1. We recommend that you upgrade your wordpress packages.
Several vulnerabilities have been found in Wordpress, the popular blogging engine.
The file example.html in the Genericicons icon font package and twentyfifteen Wordpress theme allowed for cross site scripting.
The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your installation.
A cross site scripting vulnerability allowed users with the Contributor or Author role to elevate their privileges.
The oldstable distribution (wheezy) is only affected by CVE-2015-5622. This less critical issue will be fixed at a later time.
For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u2.
For the unstable distribution (sid), these problems have been fixed in version 4.2.3+dfsg-1.
We recommend that you upgrade your wordpress packages.
Vulmon