Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianlists.debian.orgDEBIAN:DSA-5685-1:AE2F3
HistoryMay 08, 2024 - 10:06 p.m.

[SECURITY] [DSA 5685-1] wordpress security update

2024-05-0822:06:13
lists.debian.org
20
cve-2023-2745
wordpress
cve-2024-31210
bullseye
debian
cve-2023-38000
php file upload bypass
cve-2023-5561
cross-site-scripting
remote code execution
cve-2023-39999
bookworm
security update

AI Score

7.3

Confidence

Low

EPSS

0.004

Percentile

73.2%

JSON

Debian Security Advisory DSA-5685-1 [email protected]
https://www.debian.org/security/ Markus Koschany
May 08, 2024 https://www.debian.org/security/faq

Package : wordpress
CVE ID : CVE-2023-2745 CVE-2023-5561 CVE-2023-38000 CVE-2023-39999
CVE-2024-31210
Debian Bug : 1036296

Several security vulnerabilities have been discovered in Wordpress, a popular
content management framework, which may lead to exposure of sensitive
information to an unauthorized actor in WordPress or allowing unauthenticated
attackers to discern the email addresses of users who have published public
posts on an affected website via an Oracle style attack.

Furthermore this update resolves a possible cross-site-scripting vulnerability,
a PHP File Upload bypass via the plugin installer and a possible remote code
execution vulnerability which requires an attacker to control all the
properties of a deserialized object though.

For the oldstable distribution (bullseye), these problems have been fixed
in version 5.7.11+dfsg1-0+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 6.1.6+dfsg1-0+deb12u1.

We recommend that you upgrade your wordpress packages.

For the detailed security status of wordpress please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wordpress

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian12allwordpress-theme-twentytwentyone< 6.1.6+dfsg1-0+deb12u1wordpress-theme-twentytwentyone_6.1.6+dfsg1-0+deb12u1_all.deb
Debian11allwordpress-theme-twentynineteen< 5.7.11+dfsg1-0+deb11u1wordpress-theme-twentynineteen_5.7.11+dfsg1-0+deb11u1_all.deb
Debian12allwordpress< 6.1.6+dfsg1-0+deb12u1wordpress_6.1.6+dfsg1-0+deb12u1_all.deb
Debian11allwordpress< 5.7.11+dfsg1-0+deb11u1wordpress_5.7.11+dfsg1-0+deb11u1_all.deb
Debian12allwordpress-theme-twentytwentytwo< 6.1.6+dfsg1-0+deb12u1wordpress-theme-twentytwentytwo_6.1.6+dfsg1-0+deb12u1_all.deb
Debian11allwordpress-theme-twentytwentyone< 5.7.11+dfsg1-0+deb11u1wordpress-theme-twentytwentyone_5.7.11+dfsg1-0+deb11u1_all.deb
Debian12allwordpress-l10n< 6.1.6+dfsg1-0+deb12u1wordpress-l10n_6.1.6+dfsg1-0+deb12u1_all.deb
Debian11allwordpress-theme-twentytwenty< 5.7.11+dfsg1-0+deb11u1wordpress-theme-twentytwenty_5.7.11+dfsg1-0+deb11u1_all.deb
Debian11allwordpress-l10n< 5.7.11+dfsg1-0+deb11u1wordpress-l10n_5.7.11+dfsg1-0+deb11u1_all.deb
Debian12allwordpress-theme-twentytwentythree< 6.1.6+dfsg1-0+deb12u1wordpress-theme-twentytwentythree_6.1.6+dfsg1-0+deb12u1_all.deb

Related

openvas 12
nessus 30
osv 18
debian 2
prion 4
vulnrichment 1
veracode 5
githubexploit 5
debiancve 5
ubuntucve 5
wpvulndb 5
attackerkb 1
fedora 3
nvd 5
cvelist 5
cve 5
qualysblog 1
wordfence 3
wpexploit 1
packetstorm 1
zdt 1
avleonov 1
openvas
openvas
Debian: Security Advisory (DSA-5685-1)
2024-05-09 00:00:00
WordPress Multiple Vulnerabilities (Oct 2023) - Windows
2023-10-13 00:00:00
WordPress Multiple Vulnerabilities (Oct 2023) - Linux
2023-10-13 00:00:00
nessus
nessus
Debian dsa-5685 : wordpress - security update
2024-05-09 00:00:00
WordPress 6.0 < 6.3.2 Multiple Vulnerabilities
2023-10-12 00:00:00
Debian DLA-3658-1 : wordpress - LTS security update
2023-11-20 00:00:00
osv
osv
wordpress - security update
2024-05-08 00:00:00
wordpress - security update
2023-11-20 00:00:00
BIT-wordpress-2023-39999
2024-03-06 11:08:58
debian
debian
[SECURITY] [DLA 3658-1] wordpress security update
2023-11-20 21:26:30
[SECURITY] [DLA 3462-1] wordpress security update
2023-06-20 22:25:05
prion
prion
Design/Logic Flaw
2023-10-13 12:15:00
Code injection
2023-10-16 20:15:00
Cross site scripting
2023-10-13 10:15:00
vulnrichment
vulnrichment
CVE-2024-31210 PHP file upload bypass via Plugin installer
2024-04-04 22:59:28
veracode
veracode
Remote Code Execution
2024-04-08 04:22:14
Information Disclosure
2023-11-05 17:25:17
Cross-Site Scripting (XSS)
2023-11-05 09:14:22
githubexploit
githubexploit
Exploit for CVE-2024-31210
2024-06-13 00:24:56
Exploit for Vulnerability in Wordpress
2023-11-26 03:47:33
Exploit for CVE-2023-5561
2023-12-13 16:43:18
debiancve
debiancve
CVE-2023-39999
2023-10-13 12:15:09
CVE-2024-31210
2024-04-04 23:15:16
CVE-2023-38000
2023-10-13 10:15:09
ubuntucve
ubuntucve
CVE-2024-31210
2024-04-04 00:00:00
CVE-2023-39999
2023-10-13 00:00:00
CVE-2023-5561
2023-10-16 00:00:00
wpvulndb
wpvulndb
WP < 6.3.2 - Contributor+ Comment Disclosure
2023-10-13 00:00:00
Gutenberg < 16.8.1 - Contributor+ Stored XSS via Navigation Links Block
2023-10-13 00:00:00
WP 5.6-6.3.1 - Contributor+ Stored XSS via Navigation Block
2023-10-13 00:00:00
attackerkb
attackerkb
CVE-2023-39999
2023-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: wordpress-6.3.2-1.fc39
2023-11-03 18:58:31
[SECURITY] Fedora 37 Update: wordpress-6.2.3-1.fc37
2023-10-25 01:24:30
[SECURITY] Fedora 38 Update: wordpress-6.3.2-1.fc38
2023-10-25 01:36:40
nvd
nvd
CVE-2024-31210
2024-04-04 23:15:16
CVE-2023-39999
2023-10-13 12:15:09
CVE-2023-38000
2023-10-13 10:15:09
cvelist
cvelist
CVE-2024-31210 PHP file upload bypass via Plugin installer
2024-04-04 22:59:28
CVE-2023-39999 WordPress < 6.3.2 is vulnerable to Broken Access Control
2023-10-13 11:31:16
CVE-2023-38000 Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block
2023-10-13 09:55:54
cve
cve
CVE-2024-31210
2024-04-04 23:15:16
CVE-2023-39999
2023-10-13 12:15:09
CVE-2023-38000
2023-10-13 10:15:09
qualysblog
qualysblog
WordPress Remote Code Execution via Plugin Upload (CVE-2024-31210)
2024-04-15 16:12:05
wordfence
wordfence
WordPress Core 6.2.1 Security & Maintenance Release – What You Need to Know
2023-05-16 20:36:58
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 9, 2023 to October 15, 2023)
2023-10-19 15:52:27
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
2023-05-25 13:11:33
wpexploit
wpexploit
WP < 6.3.2 - Unauthenticated Post Author Email Disclosure
2023-10-13 00:00:00
packetstorm
packetstorm
WordPress Core 6.2 XSS / CSRF / Directory Traversal
2023-05-17 00:00:00
zdt
zdt
WordPress Core 6.2 XSS / CSRF / Directory Traversal Vulnerability
2023-05-19 00:00:00
avleonov
avleonov
November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review
2024-02-01 17:07:20

AI Score

7.3

Confidence

Low

EPSS

0.004

Percentile

73.2%

JSON
Related for DEBIAN:DSA-5685-1:AE2F3
openvas12nessus30osv18debian2prion4vulnrichment1veracode5githubexploit5debiancve5ubuntucve5wpvulndb5attackerkb1fedora3nvd5cvelist5cve5qualysblog1wordfence3wpexploit1packetstorm1zdt1avleonov1