FEDORA-2020-bf266424ea created by remi 3 weeks ago for Fedora 31
obsolete

WordPress 5.5.2 Security and Maintenance Release

Security Updates

  • Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
  • Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
  • Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
  • Thanks to Justin Tran who reported a privilege escalation issue in XML-RPC. He also found and disclosed a privilege escalation issue in post commenting via XML-RPC.
  • Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
  • Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
  • Thanks to Slavco for reporting, and Karim El Ouerghemmi for confirming, a method to bypass protected meta that could lead to arbitrary file deletion.
  • Thanks to Erwan LR from WPScan who responsibly disclosed a method that could lead to CSRF.
  • And a special thanks to @zieladam who was integral in many of the releases and patches during this release.

This update has been submitted for testing by remi.

3 weeks ago

This update's test gating status has been changed to 'ignored'.

3 weeks ago

This update's test gating status has been changed to 'waiting'.

3 weeks ago

This update's test gating status has been changed to 'ignored'.

3 weeks ago

This update has been pushed to testing.

3 weeks ago

This update has been obsoleted by wordpress-5.5.3-1.fc31.

3 weeks ago

Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days

Dates
submitted: 3 weeks ago
in testing: 3 weeks ago
