FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- multiple vulnerabilities

Affected packages
	wordpress	<	4.4.2,1
	de-wordpress	<	4.4.2
	ja-wordpress	<	4.4.2
	ru-wordpress	<	4.4.2
	zh-wordpress-zh_CN	<	4.4.2
	zh-wordpress-zh_TW	<	4.4.2

Details

VuXML ID	fef03980-e4c6-11e5-b2bd-002590263bf5
Discovery	2016-02-02
Entry	2016-03-08

Samuel Sidler reports:

WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.

[source]

References

CVE Name	CVE-2016-2221
CVE Name	CVE-2016-2222
URL	http://www.openwall.com/lists/oss-security/2016/02/04/6
URL	https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/