Debian Security Advisory

DSA-4599-1 wordpress -- security update

Date Reported: 08 Jan 2020
Affected Packages: wordpress
Vulnerable: Yes
Security database references:
In the Debian bugtracking system: Bug 939543, Bug 942459, Bug 946905.
In Mitre's CVE dictionary: CVE-2019-16217, CVE-2019-16218, CVE-2019-16219, CVE-2019-16220, CVE-2019-16221, CVE-2019-16222, CVE-2019-16223, CVE-2019-16780, CVE-2019-16781, CVE-2019-17669, CVE-2019-17671, CVE-2019-17672, CVE-2019-17673, CVE-2019-17674, CVE-2019-17675, CVE-2019-20041, CVE-2019-20042, CVE-2019-20043.
More information:

Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison caches, and bypass authorization access and input sanitization.

For the stable distribution (buster), these problems have been fixed in version 5.0.4+dfsg1-1+deb10u1.

We recommend that you upgrade your wordpress packages.

For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wordpress