CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
CVSS3: 7.5 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
EPSS: 0.012 Low (Percentile: 85.2%)
Adam Silverstein reports:
WordPress 4.5.3 is now available. This is a security release for
all previous versions and we strongly encourage you to update your
sites immediately.
WordPress versions 4.5.2 and earlier are affected by several
security issues: redirect bypass in the customizer, reported by
Yassine Aboukir; two different XSS problems via attachment names,
reported by Jouko Pynnönen and Divyesh Prajapati; revision history
information disclosure, reported independently by John Blackbourn
from the WordPress security team and by Dan Moen from the Wordfence
Research Team; oEmbed denial of service reported by Jennifer Dodd
from Automattic; unauthorized category removal from a post, reported
by David Herrera from Alley Interactive; password change via stolen
cookie, reported by Michael Adams from the WordPress security team;
and some less secure sanitize_file_name edge cases reported by Peter
Westwood of the WordPress security team.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | wordpress | < 4.5.3,1 | UNKNOWN |
FreeBSD | any | noarch | de-wordpress | < 4.5.3 | UNKNOWN |
FreeBSD | any | noarch | ja-wordpress | < 4.5.3 | UNKNOWN |
FreeBSD | any | noarch | ru-wordpress | < 4.5.3 | UNKNOWN |
FreeBSD | any | noarch | zh-wordpress-zh_cn | < 4.5.3 | UNKNOWN |
FreeBSD | any | noarch | zh-wordpress-zh_tw | < 4.5.3 | UNKNOWN |