Debian Wordpress vulnerabilities
360 known vulnerabilities affecting debian/wordpress.
Total CVEs: 360
CISA KEV: 0
Public exploits: 67
Exploited in wild: 3
Severity breakdown: CRITICAL 21, HIGH 56, MEDIUM 201, LOW 82
Vulnerabilities
Page 12 of 18
CVE-2012-5868 | LOW | CVSS 2.6 | 2012
CVE-2012-5868 [LOW] CVE-2012-5868: wordpress - WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an admin...
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2012-0782 | LOW | CVSS 4.3 | PoC | 2012
CVE-2012-0782 [MEDIUM] CVE-2012-0782: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php...
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS sc
debian
CVE-2012-0287 | LOW | CVSS 2.6 | fixed in wordpress 3.3.1+dfsg-1 (bookworm) | 2012
CVE-2012-0287 [LOW] CVE-2012-0287: wordpress - Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3....
Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature.
Scope: local
bookworm: resolved (fixed in 3.3.1+dfsg-1)
bulls
debian
CVE-2012-4448 | LOW | CVSS 6.8 | fixed in wordpress 3.5.1+dfsg-2 (bookworm) | 2012
CVE-2012-4448 [MEDIUM] CVE-2012-4448: wordpress - Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPre...
Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.
Scope: local
bookworm: resolved (fixed in 3.5.1+dfsg-2)
bullseye: resolved (fixed in 3.5.1+dfsg-2)
forky: resolved (fixed in 3
debian
CVE-2012-0937 | LOW | CVSS 5.0 | PoC | 2012
CVE-2012-0937 [MEDIUM] CVE-2012-0937: wordpress - wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and e...
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the ve
debian
CVE-2012-3383 | LOW | CVSS 2.6 | fixed in wordpress 3.4.1+dfsg-1 (bookworm) | 2012
CVE-2012-3383 [LOW] CVE-2012-3383: wordpress - The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x bef...
The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and compo
debian
CVE-2011-3122 | CRITICAL | CVSS 10.0 | fixed in wordpress 3.2.1+dfsg-1 (bookworm) | 2011
CVE-2011-3122 [CRITICAL] CVE-2011-3122: wordpress - Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 ha...
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."
Scope: local
bookworm: resolved (fixed in 3.2.1+dfsg-1)
bullseye: resolved (fixed in 3.2.1+dfsg-1)
forky: resolved (fixed in 3.2.1+dfsg-1)
sid: resolved (fixed in 3.2.1+dfsg-1)
trixie: resolved (fixed in 3.2.1+dfsg-1)
debian
CVE-2011-3129 | CRITICAL | CVSS 9.3 | fixed in wordpress 3.2.1+dfsg-1 (bookworm) | 2011
CVE-2011-3129 [CRITICAL] CVE-2011-3129: wordpress - The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta ...
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.
Scope: local
bookworm: resolved (fixed in 3.2.1+dfsg-1)
bullseye: resolved (fixed in 3.2.1+dfsg-1)
forky: resolved (fixed in 3.2.1+dfsg-1)
sid:
debian
CVE-2011-3125 | CRITICAL | CVSS 10.0 | fixed in wordpress 3.2.1+dfsg-1 (bookworm) | 2011
CVE-2011-3125 [CRITICAL] CVE-2011-3125: wordpress - Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 ha...
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening."
Scope: local
bookworm: resolved (fixed in 3.2.1+dfsg-1)
bullseye: resolved (fixed in 3.2.1+dfsg-1)
forky: resolved (fixed in 3.2.1+dfsg-1)
sid: resolved (fixed in 3.2.1+dfsg-1)
trixie: resolved (fixed in 3.2
debian
CVE-2011-3130 | HIGH | CVSS 7.5 | fixed in wordpress 3.2.1+dfsg-1 (bookworm) | 2011
CVE-2011-3130 [HIGH] CVE-2011-3130: wordpress - wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has...
wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.
Scope: local
bookworm: resolved (fixed in 3.2.1+dfsg-1)
bullseye: resolved (fixed in 3.2.1+dfsg-1)
forky: resolved (fixed in 3.2.1+dfsg-1)
sid: resolved (fixed in 3.2.1+dfsg-1)
tri
debian
CVE-2011-3128 | MEDIUM | CVSS 5.0 | fixed in wordpress 3.2.1+dfsg-1 (bookworm) | 2011
CVE-2011-3128 [MEDIUM] CVE-2011-3128: wordpress - WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments a...
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.
Scope: local
bookworm: resolved (fixed in 3.2.1+dfsg-1)
bullseye: resolved (fixed in 3.2.1+dfsg-1)
forky: resolved (fixed in 3.2.1+dfsg-1)
sid: resolved (fixed in 3.2.1
debian
CVE-2011-4957 | MEDIUM | CVSS 5.0 | fixed in wordpress 3.2.1+dfsg-1 (bookworm) | 2011
CVE-2011-4957 [MEDIUM] CVE-2011-4957: wordpress - The make_clickable function in wp-includes/formatting.php in WordPress before 3....
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.
Scope: local
bookworm: resolved (fixed in 3.2.1+dfsg-1)
bullseye: resolved (
debian
CVE-2011-0701 | MEDIUM | CVSS 4.0 | fixed in wordpress 3.0.5+dfsg-1 (bookworm) | 2011
CVE-2011-0701 [MEDIUM] CVE-2011-0701: wordpress - wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows...
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.
Scope: local
bookworm: resolved (fixed in 3.0.5+dfsg-1)
bullseye: resolved (fixed in 3.0.5+dfsg-1)
forky: resolved (fixed in 3.0.5+dfsg-1)
sid: resolved (fixed in 3.0.5+dfsg
debian
CVE-2011-3126 | MEDIUM | CVSS 5.0 | fixed in wordpress 3.2.1+dfsg-1 (bookworm) | 2011
CVE-2011-3126 [MEDIUM] CVE-2011-3126: wordpress - WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to dete...
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects.
Scope: local
bookworm: resolved (fixed in 3.2.1+dfsg-1)
bullseye: resolved (fixed in 3.2.1+dfsg-1)
forky: resolved (fixed in 3.2.1+dfsg-1)
sid: resolved (fixed in 3.2.1+dfsg-1)
trixie: resolved (fixed in 3.2.1+dfsg-1)
debian
CVE-2011-3127 | MEDIUM | CVSS 5.8 | fixed in wordpress 3.2.1+dfsg-1 (bookworm) | 2011
CVE-2011-3127 [MEDIUM] CVE-2011-3127: wordpress - WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for ...
WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Scope: local
bookworm: resolved (fixed in 3.2.1+dfsg-1)
bullseye: resolved (fixed in 3.2.1+dfsg-1)
forky: resol
debian
CVE-2011-4956 | MEDIUM | CVSS 4.3 | fixed in wordpress 3.2.1+dfsg-1 (bookworm) | 2011
CVE-2011-4956 [MEDIUM] CVE-2011-4956: wordpress - Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote...
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 3.2.1+dfsg-1)
bullseye: resolved (fixed in 3.2.1+dfsg-1)
forky: resolved (fixed in 3.2.1+dfsg-1)
sid: resolved (fixed in 3.2.1+dfsg-1)
trixie: resolved (fixed in 3.2.1+d
debian
CVE-2011-5270 | MEDIUM | CVSS 4.0 | fixed in wordpress 3.2.1+dfsg-1 (bookworm) | 2011
CVE-2011-5270 [MEDIUM] CVE-2011-5270: wordpress - wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_p...
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.
Scope: local
bookworm: resolved (fixed in 3.2.1+dfsg-1)
bullseye: resolved (fixed in 3.2.1+dfsg-1)
forky: resolved (fixed in 3.2.1+dfsg-1)
sid: resolved (
debian
CVE-2011-1762 | MEDIUM | CVSS 6.5 | fixed in wordpress 3.2.1+dfsg-1 (bookworm) | 2011
CVE-2011-1762 [MEDIUM] CVE-2011-1762: wordpress - A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script impro...
A flaw exists in WordPress related to the 'wp-admin/press-this.php' script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.
Scope: local
bookworm: resolved (fixed in 3.2.1+dfsg-1)
bullseye: resolved (fixed in 3.2.1+dfsg-1)
forky: resolved (fixed
debian
CVE-2011-4898 | LOW | CVSS 5.0 | PoC | 2011
CVE-2011-4898 [MEDIUM] CVE-2011-4898: wordpress - wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and e...
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the
debian
CVE-2011-0700 | LOW | CVSS 3.5 | fixed in wordpress 3.0.5+dfsg-1 (bookworm) | 2011
CVE-2011-0700 [LOW] CVE-2011-0700: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 al...
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.
Scope: local
bookworm: resolv
debian