Debian Security Advisory
DSA-4599-1 wordpress -- security update
- Date Reported:
- 08 Jan 2020
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 939543, Bug 942459, Bug 946905.
In Mitre's CVE dictionary: CVE-2019-16217, CVE-2019-16218, CVE-2019-16219, CVE-2019-16220, CVE-2019-16221, CVE-2019-16222, CVE-2019-16223, CVE-2019-16780, CVE-2019-16781, CVE-2019-17669, CVE-2019-17671, CVE-2019-17672, CVE-2019-17673, CVE-2019-17674, CVE-2019-17675, CVE-2019-20041, CVE-2019-20042, CVE-2019-20043.
- More information:
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and input sanitation.
For the stable distribution (buster), these problems have been fixed in version 5.0.4+dfsg1-1+deb10u1.
We recommend that you upgrade your wordpress packages.
For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wordpress