FreeBSD : wordpress -- multiple vulnerabilities (043d3a78-f245-4938-9bc7-3d0d35dd94bf)
High Nessus Plugin ID 70515
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The WordPress development team reports:
- Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
- Prevent a user with an Author role, using a specially crafted request, from being able to create a post 'written by' another user.
- Fix insufficient input validation that could result in redirecting or leading a user to another website.
Additionally, we've adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.
Solution
Update the affected packages.