FreeBSD : wordpress -- multiple vulnerabilities (049332d2-f6e1-11e2-82f3-000c29ee3065)
Medium Nessus Plugin ID 69087
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionThe wordpress development team reports :
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site
- Disallow contributors from improperly publishing posts
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities
- Prevention of a denial of service attack, affecting sites using password-protected posts
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability
- Multiple fixes for cross-site scripting
- Avoid disclosing a full file path when a upload fails
SolutionUpdate the affected packages.