Debian Security Advisory

DLA-1096-1 wordpress-shibboleth -- LTS security update

Date Reported:
13 Sep 2017
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2017-14313.
More information:

It was discovered that there was a an XSS vulnerability in the login form of the Shibboleth identity provider module for Wordpress.

For Debian 7 Wheezy, this issue has been fixed in wordpress-shibboleth version 1.4-2+deb7u1.

We recommend that you upgrade your wordpress-shibboleth packages.