FEDORA-EPEL-2023-cd6dc8dccf
Packages in this update:
wordpress-5.1.16-1.el7
Update description:
WordPress 5.1.16 Security Release
Includes security fixes from 6.2.1
wordpress-5.1.16-1.el7
WordPress 5.1.16 Security Release
Includes security fixes from 6.2.1
wordpress-6.2.1-1.fc37
WordPress 6.2.1 Maintenance & Security Release
Security updates included in this release
Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.
wordpress-6.2.1-1.el9
WordPress 6.2.1 Maintenance & Security Release
Security updates included in this release
Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.
wordpress-6.2.1-1.fc38
WordPress 6.2.1 Maintenance & Security Release
Security updates included in this release
Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.
This vulnerability allows remote attackers to bypass authentication on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability.
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability.