Debian Security Advisory
DSA-3444-1 wordpress -- security update
- Date Reported:
- 13 Jan 2016
- Affected Packages:
- wordpress
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 810325.
In Mitre's CVE dictionary: CVE-2016-1564. - More information:
-
Crtc4L discovered a cross-site scripting vulnerability in wordpress, a web blogging tool, allowing a remote authenticated administrator to compromise the site.
For the oldstable distribution (wheezy), this problem has been fixed in version 3.6.1+dfsg-1~deb7u9.
For the stable distribution (jessie), this problem has been fixed in version 4.1+dfsg-1+deb8u7.
For the unstable distribution (sid), this problem has been fixed in version 4.4.1+dfsg-1.
We recommend that you upgrade your wordpress packages.