vulnerability
FreeBSD: VID-7b97b32e-27c4-11ea-9673-4c72b94353b5: wordpress -- multiple issues
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Dec 26, 2019 | Dec 27, 2019 | Dec 10, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Dec 26, 2019
Added
Dec 27, 2019
Modified
Dec 10, 2025
Description
wordpress developers reports: Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so youll want to upgrade. If you havent yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues. -Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API. -Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links. -Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute. -Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.
Solutions
freebsd-upgrade-package-wordpressfreebsd-upgrade-package-fr-wordpressfreebsd-upgrade-package-de-wordpressfreebsd-upgrade-package-zh_cn-wordpressfreebsd-upgrade-package-zh_tw-wordpressfreebsd-upgrade-package-ja-wordpressfreebsd-upgrade-package-ru-wordpress
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.