FreeBSD : wordpress -- multiple vulnerabilities (bfcc23b6-3b27-11e6-8e82-002590263bf5)
Medium Nessus Plugin ID 91840
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionAdam Silverstein reports :
WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnonenand Divyesh Prajapati; revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen from the Wordfence Research Team; oEmbed denial of service reported by Jennifer Dodd from Automattic; unauthorized category removal from a post, reported by David Herrera from Alley Interactive; password change via stolen cookie, reported by Michael Adams from the WordPress security team;
and some less secure sanitize_file_name edge cases reported by Peter Westwood of the WordPress security team.
SolutionUpdate the affected packages.