stable
FEDORA-EPEL-2020-12ba1ceddb created by remi 2 years ago for Fedora EPEL 7

WordPress 5.1.5

Security Updates

Seven security issues affect WordPress versions 5.4 and earlier. If you haven’t yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues:

  • Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated
  • Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated
  • Props to Evan Ricafort for discovering an XSS issue in the Customizer
  • Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block
  • Props to Nick Daugherty from WordPress VIP / WordPress Security Team who discovered an XSS issue in wp-object-cache
  • Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.
  • Props to Weston Ruter for fixing a stored XSS vulnerability in the WordPress customizer.

This update has been submitted for testing by remi.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago

remi edited this update.

2 years ago

This update can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago


Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 14 days
Dates
submitted: 2 years ago
in testing: 2 years ago
in stable: 2 years ago
modified: 2 years ago
BZ#1831580 CVE-2020-11030 wordpress: special crafted payload can lead to scripts getting executed within the search block of the block editor
BZ#1831582 CVE-2020-11030 wordpress: special crafted payload can lead to scripts getting executed within the search block of the block editor [epel-7]
BZ#1831621 CVE-2020-11029 wordpress: vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS)
BZ#1831622 CVE-2020-11029 wordpress: A vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks [epel-7]
BZ#1831625 CVE-2020-11028 wordpress: Some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions.
BZ#1831626 CVE-2020-11028 wordpress: Some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. [epel-7]
BZ#1831633 CVE-2020-11027 wordpress: password reset link does not expire which could result in credentials disclosure
BZ#1831635 CVE-2020-11027 wordpress: password reset link does not expire which could result in credentials disclosure [epel-7]
BZ#1831637 CVE-2020-11026 wordpress: Specially crafted filenames in WordPress leading to XSS
BZ#1831639 CVE-2020-11026 wordpress: Specially crafted filenames in WordPress leading to XSS [epel-7]
BZ#1831642 CVE-2020-11025 wordpress: Authenticated cross-site scripting (XSS) in WordPress Customizer
BZ#1831644 CVE-2020-11025 wordpress: Authenticated cross-site scripting (XSS) in WordPress Customizer [epel-7]
