Late-breaking news on the 5.2.4 short-cycle security release that landed October 14. When we released the news post, I inadvertently missed giving props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where path traversal can lead to remote code execution.
Simon has done a great deal of work on the WordPress project, and failing to mention his contributions is a huge oversight on our end.
Thank you to all of the reporters for privately disclosing vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.
More Stories
openssh-9.9p1-11.fc42
FEDORA-2025-ad76584c00 Packages in this update: openssh-9.9p1-11.fc42 Update description: Fixes CVE-2025-32728 Read More
openssh-9.9p1-4.fc41
FEDORA-2025-8896dcbcd0 Packages in this update: openssh-9.9p1-4.fc41 Update description: Fixes CVE-2025-32728 Read More
DSA-5922-1 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of...
DSA-5923-1 net-tools – security update
Mohamed Maatallah discovered a stack-based buffer overflow in the get_name() function in net-tools, a collection of programs for controlling the...
iputils-20240905-4.fc41
FEDORA-2025-7e1b66f54e Packages in this update: iputils-20240905-4.fc41 Update description: Fix for CVE-2025-47268 Read More
iputils-20240905-4.fc42
FEDORA-2025-dd7e746aac Packages in this update: iputils-20240905-4.fc42 Update description: Fix for CVE-2025-47268 Read More