stable

wordpress-5.1.12-1.el7

FEDORA-EPEL-2022-af51ba0333 created by remi a year ago for Fedora EPEL 7

Security Updates

Four security issues affect WordPress versions between 3.7 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issues (except where noted otherwise):

  • Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
  • Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
  • Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
  • Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).

This update has been submitted for testing by remi.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

remi edited this update.

a year ago

remi edited this update.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago


Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days
Dates
submitted: a year ago
in testing: a year ago
in stable: a year ago
modified: a year ago
BZ#2039301 CVE-2022-21661 wordpress: SQL injection via WP_Query
BZ#2039303 CVE-2022-21661 wordpress: SQL injection via WP_Query [epel-7]
BZ#2039306 CVE-2022-21662 wordpress: stored XSS through authenticated users
BZ#2039308 CVE-2022-21662 wordpress: stored XSS through authenticated users [epel-7]
BZ#2039312 CVE-2022-21663 wordpress: authenticated object injection in multisites
BZ#2039314 CVE-2022-21663 wordpress: authenticated object injection in multisites [epel-7]
BZ#2039317 CVE-2022-21664 wordpress: SQL injection due to improper sanitization in WP_Meta_Query
BZ#2039319 CVE-2022-21664 wordpress: SQL injection due to improper sanitization in WP_Meta_Query [epel-7]
