stable
FEDORA-2020-8447a3e195 created by remi 2 years ago for Fedora 32

WordPress 5.4.2 Security and Maintenance Release

This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.

These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade.

Security Updates

WordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

  • Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
  • Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
  • Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
  • Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
  • Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
  • Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2020-8447a3e195

  • This update has been submitted for testing by remi. (2 years ago)
  • This update's test gating status has been changed to 'waiting'. (2 years ago)
  • This update's test gating status has been changed to 'ignored'. (2 years ago)
  • This update has been pushed to testing. (2 years ago)
  • remi edited this update. (2 years ago)
  • This update's test gating status has been changed to 'greenwave_failed'. (2 years ago)
  • This update's test gating status has been changed to 'ignored'. (2 years ago)
  • This update's test gating status has been changed to 'greenwave_failed'. (2 years ago)
  • This update's test gating status has been changed to 'ignored'. (2 years ago)
  • This update can be pushed to stable now if the maintainer wishes. (2 years ago)
  • This update has been submitted for stable by bodhi. (2 years ago)
  • This update has been pushed to stable. (2 years ago)


Metadata

  • Type: security
  • Severity: medium
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Settings

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: 7 days

Dates

  • submitted: 2 years ago
  • in testing: 2 years ago
  • in stable: 2 years ago
  • modified: 2 years ago

  • BZ#1848680 CVE-2020-4046 wordpress: authenticated XSS through embed block
  • BZ#1848681 CVE-2020-4046 wordpress: authenticated XSS through embed block [fedora-all]
  • BZ#1848684 CVE-2020-4047 wordpress: authenticated XSS via media attachment page
  • BZ#1848685 CVE-2020-4047 wordpress: authenticated XSS via media attachment page [fedora-all]
  • BZ#1848689 CVE-2020-4048 wordpress: open redirect in wp_validate_redirect function
  • BZ#1848690 CVE-2020-4048 wordpress: open redirect in wp_validate_redirect function [fedora-all]
  • BZ#1848692 CVE-2020-4049 wordpress: authenticated self-XSS via theme uploads
  • BZ#1848693 CVE-2020-4049 wordpress: authenticated self-XSS via theme uploads [fedora-all]
  • BZ#1848697 CVE-2020-4050 wordpress: set-screen-option filter misuse by plugins leads to privilege escalation
  • BZ#1848698 CVE-2020-4050 wordpress: set-screen-option filter misuse by plugins leads to privilege escalation [fedora-all]
