CVSS2: 6.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.142 Low
Percentile: 95.7%

WordPress reports:

WordPress 3.5.1 also addresses the following security issues:

- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
- Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
- A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | wordpress | < 3.5.1,1 | UNKNOWN |
FreeBSD | any | noarch | zh-wordpress-zh_cn | < 3.5.1 | UNKNOWN |
FreeBSD | any | noarch | zh-wordpress-zh_tw | < 3.5.1 | UNKNOWN |
FreeBSD | any | noarch | de-wordpress | < 3.5.1 | UNKNOWN |
FreeBSD | any | noarch | ja-wordpress | < 3.5.1 | UNKNOWN |
FreeBSD | any | noarch | ru-wordpress | < 3.5.1 | UNKNOWN |