stable
FEDORA-EPEL-2020-5f91ab971e created by remi 2 years ago for Fedora EPEL 6

WordPress 5.1.6 Security Release

Security Updates

  • Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
  • Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
  • Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
  • Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
  • Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
  • Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

This update has been submitted for testing by remi.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago

remi edited this update.

2 years ago

This update can be pushed to stable now if the maintainer wishes.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago


Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 14 days
Dates
submitted: 2 years ago
in testing: 2 years ago
in stable: 2 years ago
modified: 2 years ago
BZ#1848680 CVE-2020-4046 wordpress: authenticated XSS through embed block
BZ#1848682 CVE-2020-4046 wordpress: authenticated XSS through embed block [epel-all]
BZ#1848684 CVE-2020-4047 wordpress: authenticated XSS via media attachment page
BZ#1848686 CVE-2020-4047 wordpress: authenticated XSS via media attachment page [epel-all]
BZ#1848689 CVE-2020-4048 wordpress: open redirect in wp_validate_redirect function
BZ#1848691 CVE-2020-4048 wordpress: open redirect in wp_validate_redirect function [epel-all]
BZ#1848692 CVE-2020-4049 wordpress: authenticated self-XSS via theme uploads
BZ#1848694 CVE-2020-4049 wordpress: authenticated self-XSS via theme uploads [epel-all]
BZ#1848697 CVE-2020-4050 wordpress: set-screen-option filter misuse by plugins leads to privilege escalation
BZ#1848699 CVE-2020-4050 wordpress: set-screen-option filter misuse by plugins leads to privilege escalation [epel-all]
