FEDORA-2022-4e099582c7
Packages in this update:
wordpress-6.0.3-1.fc36
Update description:
WordPress 6.0.3 Security Release
Security updates included in this release
Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Open redirect in wp_nonce_ays – devrayn
Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
CSRF in wp-trackback.php – Simon Scannell
Stored XSS via the Customizer – Alex Concha from the WordPress security team
Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
Data exposure via the REST Terms/Tags Endpoint – Than Taintor
Content from multipart emails leaked – Thomas Kräftner
SQL Injection due to improper sanitization in WP_Date_Query – Michael Mazzolini
RSS Widget: Stored XSS issue – Third-party security audit
Stored XSS in the search block – Alex Concha of the WP Security team
Feature Image Block: XSS issue – Third-party security audit
RSS Block: Stored XSS issue – Third-party security audit
Fix widget block XSS – Third-party security audit
More Stories
Akira Ransomware Attack
What is the Akira Ransomware Attack? The Akira ransomware attack has actively and widely impacting businesses. According to CISA advisory,...
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc38
FEDORA-2024-d652859efb Packages in this update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc38 Update description: Update golang-gvisor to 20240408.0 Read More
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc39
FEDORA-2024-9cc0e0c63e Packages in this update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc39 Update description: Update golang-gvisor to 20240408.0 Read More
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc40
FEDORA-2024-80e062d21a Packages in this update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc40 Update description: Update golang-gvisor to 20240408.0 Read More
python-reportlab-4.2.0-1.fc39
FEDORA-2024-6ec4e78241 Packages in this update: python-reportlab-4.2.0-1.fc39 Update description: Release 4.2.0 Read More
python-reportlab-4.2.0-1.fc40
FEDORA-2024-dc844d0669 Packages in this update: python-reportlab-4.2.0-1.fc40 Update description: Release 4.2.0 Read More