FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- multiple vulnerabilities

Affected packages
	wordpress	<	4.7.3,1
	de-wordpress	<	4.7.3
	ja-wordpress	<	4.7.3
	ru-wordpress	<	4.7.3
	zh-wordpress-zh_CN	<	4.7.3
	zh-wordpress-zh_TW	<	4.7.3

Details

VuXML ID	82752070-0349-11e7-b48d-00e04c1ea73d
Discovery	2017-03-07
Entry	2017-03-07

WordPress versions 4.7.2 and earlier are affected by six security issues.

Cross-site scripting (XSS) via media file metadata.

Control characters can trick redirect URL validation.

Unintended files can be deleted by administrators using the plugin deletion functionality.

Cross-site scripting (XSS) via video URL in YouTube embeds.

Cross-site scripting (XSS) via taxonomy term names.

Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

[source]

References

URL	http://www.openwall.com/lists/oss-security/2017/03/07/3
URL	https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/