FEDORA-2023-f238593a42
Packages in this update:
wordpress-6.2.2-1.fc37
Update description:
WordPress 6.2.2 Security Release
Security updates included in this release:
Block themes parsing shortcodes in user-generated data; thanks to Liam Gladdy of WP Engine for reporting this issue.
WordPress 6.2.1 Maintenance & Security Release
Security updates included in this release
Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.