It was discovered that FRR incorrectly handled parsing certain BGP
messages. A remote attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service. (CVE-2022-37032)
It was discovered that FRR incorrectly handled processing certain BGP
messages. A remote attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service, obtain sensitive information,
or execute arbitrary code. (CVE-2022-37035)
Media: Refactor search by filename within the admin,
REST API: Lockdown post parameter of the terms endpoint,
Customize: Escape blogname option in underscores templates,
Query: Validate relation in WP_Date_Query,
Posts, Post types: Apply KSES to post-by-email content,
General: Validate host on “Are you sure?” screen,
Posts, Post types: Remove emails from post-by-email logs,
Pings/trackbacks: Apply KSES to all trackbacks,
Mail: Reset PHPMailer properties between use,
Widgets: Escape RSS error messages for display.
Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Open redirect in wp_nonce_ays – devrayn
Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
CSRF in wp-trackback.php – Simon Scannell
Stored XSS via the Customizer – Alex Concha from the WordPress security team
Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
Data exposure via the REST Terms/Tags Endpoint – Than Taintor
Content from multipart emails leaked – Thomas Kräftner
SQL Injection due to improper sanitization in WP_Date_Query – Michael Mazzolini
RSS Widget: Stored XSS issue – Third-party security audit
Stored XSS in the search block – Alex Concha of the WP Security team
Feature Image Block: XSS issue – Third-party security audit
RSS Block: Stored XSS issue – Third-party security audit
Fix widget block XSS – Third-party security audit
Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Open redirect in wp_nonce_ays – devrayn
Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
CSRF in wp-trackback.php – Simon Scannell
Stored XSS via the Customizer – Alex Concha from the WordPress security team
Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
Data exposure via the REST Terms/Tags Endpoint – Than Taintor
Content from multipart emails leaked – Thomas Kräftner
SQL Injection due to improper sanitization in WP_Date_Query – Michael Mazzolini
RSS Widget: Stored XSS issue – Third-party security audit
Stored XSS in the search block – Alex Concha of the WP Security team
Feature Image Block: XSS issue – Third-party security audit
RSS Block: Stored XSS issue – Third-party security audit
Fix widget block XSS – Third-party security audit
Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Open redirect in wp_nonce_ays – devrayn
Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
CSRF in wp-trackback.php – Simon Scannell
Stored XSS via the Customizer – Alex Concha from the WordPress security team
Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
Data exposure via the REST Terms/Tags Endpoint – Than Taintor
Content from multipart emails leaked – Thomas Kräftner
SQL Injection due to improper sanitization in WP_Date_Query – Michael Mazzolini
RSS Widget: Stored XSS issue – Third-party security audit
Stored XSS in the search block – Alex Concha of the WP Security team
Feature Image Block: XSS issue – Third-party security audit
RSS Block: Stored XSS issue – Third-party security audit
Fix widget block XSS – Third-party security audit
Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Open redirect in wp_nonce_ays – devrayn
Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
CSRF in wp-trackback.php – Simon Scannell
Stored XSS via the Customizer – Alex Concha from the WordPress security team
Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
Data exposure via the REST Terms/Tags Endpoint – Than Taintor
Content from multipart emails leaked – Thomas Kräftner
SQL Injection due to improper sanitization in WP_Date_Query – Michael Mazzolini
RSS Widget: Stored XSS issue – Third-party security audit
Stored XSS in the search block – Alex Concha of the WP Security team
Feature Image Block: XSS issue – Third-party security audit
RSS Block: Stored XSS issue – Third-party security audit
Fix widget block XSS – Third-party security audit
