Debian Wordpress vulnerabilities

CVE-2018-10102 [MEDIUM] CVE-2018-10102: wordpress - Before WordPress 4.9.5, the version string was not escaped in the get_the_genera... Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. Scope: local bookworm: resolved (fixed in 4.9.5+dfsg1-1) bullseye: resolved (fixed in 4.9.5+dfsg1-1) forky: resolved (fixed in 4.9.5+dfsg1-1) sid: resolved (fixed in 4.9.5+dfsg1-1) trixie: resolved (fixed in 4.9.5+dfsg1-1)

CVE-2018-10101 [MEDIUM] CVE-2018-10101: wordpress - Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localho... Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. Scope: local bookworm: resolved (fixed in 4.9.5+dfsg1-1) bullseye: resolved (fixed in 4.9.5+dfsg1-1) forky: resolved (fixed in 4.9.5+dfsg1-1) sid: resolved (fixed in 4.9.5+dfsg1-1) trixie: resolved (fixed in 4.9.5+dfsg1-1)

CVE-2018-20150 [MEDIUM] CVE-2018-20150: wordpress - In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS f... In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. Scope: local bookworm: resolved (fixed in 5.0.1+dfsg1-1) bullseye: resolved (fixed in 5.0.1+dfsg1-1) forky: resolved (fixed in 5.0.1+dfsg1-1) sid: resolved (fixed in 5.0.1+dfsg1-1) trixie: resolved (fixed in 5.0.1+dfsg1-1)

CVE-2018-20153 [MEDIUM] CVE-2018-20153: wordpress - In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new co... In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. Scope: local bookworm: resolved (fixed in 5.0.1+dfsg1-1) bullseye: resolved (fixed in 5.0.1+dfsg1-1) forky: resolved (fixed in 5.0.1+dfsg1-1) sid: resolved (fixed in 5.0.1+dfsg1-1) trixie: resolved (fixed in 5.0.1+df

CVE-2018-20152 [MEDIUM] CVE-2018-20152: wordpress - In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended re... In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. Scope: local bookworm: resolved (fixed in 5.0.1+dfsg1-1) bullseye: resolved (fixed in 5.0.1+dfsg1-1) forky: resolved (fixed in 5.0.1+dfsg1-1) sid: resolved (fixed in 5.0.1+dfsg1-1) trixie: resolved (fixed in 5.0.1+dfsg1-1)

CVE-2018-5776 [MEDIUM] CVE-2018-5776: wordpress - WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (unde... WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). Scope: local bookworm: resolved (fixed in 4.9.2+dfsg-1) bullseye: resolved (fixed in 4.9.2+dfsg-1) forky: resolved (fixed in 4.9.2+dfsg-1) sid: resolved (fixed in 4.9.2+dfsg-1) trixie: resolved (fixed in 4.9.2+dfsg-1)

CVE-2018-20147 [MEDIUM] CVE-2018-20147: wordpress - In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to... In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. Scope: local bookworm: resolved (fixed in 5.0.1+dfsg1-1) bullseye: resolved (fixed in 5.0.1+dfsg1-1) forky: resolved (fixed in 5.0.1+dfsg1-1) sid: resolved (fixed in 5.0.1+dfsg1-1) trixie: resolved (fixed in 5.0.1+dfsg1-1)

CVE-2018-10100 [MEDIUM] CVE-2018-10100: wordpress - Before WordPress 4.9.5, the redirection URL for the login page was not validated... Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. Scope: local bookworm: resolved (fixed in 4.9.5+dfsg1-1) bullseye: resolved (fixed in 4.9.5+dfsg1-1) forky: resolved (fixed in 4.9.5+dfsg1-1) sid: resolved (fixed in 4.9.5+dfsg1-1) trixie: resolved (fixed in 4.9.5+dfsg1-1)

CVE-2018-14028 [HIGH] CVE-2018-14028: wordpress - In WordPress 4.9.7, plugins uploaded via the admin area are not verified as bein... In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenario

CVE-2018-6389 [HIGH] CVE-2018-6389: wordpress - In WordPress through 4.9.2, unauthenticated attackers can cause a denial of serv... In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2017-16510 [CRITICAL] CVE-2017-16510: wordpress - WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create... WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. Scope: local bookworm: resolved (fixed in 4.8.3+dfsg-1) bullseye: resolved (fixed in 4.8.3+

CVE-2017-14723 [CRITICAL] CVE-2017-14723: wordpress - Before version 4.8.2, WordPress mishandled % characters and additional placehold... Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. Scope: local bookworm: resolved (fixed in 4.8.2+dfsg-1) bullseye: resolved (fixed in 4.8.2+dfsg-1) forky: resolved (fixed in 4.8.2+dfsg-1) sid: resol

CVE-2017-5611 [CRITICAL] CVE-2017-5611: wordpress - SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in Wor... SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. Scope: local bookworm: resolved (fixed in 4.7.2+dfsg-1) bullseye: resolved (fixed in 4.7.2+dfsg-1) forky:

CVE-2017-14722 [HIGH] CVE-2017-14722: wordpress - Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Cust... Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. Scope: local bookworm: resolved (fixed in 4.8.2+dfsg-1) bullseye: resolved (fixed in 4.8.2+dfsg-1) forky: resolved (fixed in 4.8.2+dfsg-1) sid: resolved (fixed in 4.8.2+dfsg-1) trixie: resolved (fixed in 4.8.2+dfsg-1)

CVE-2017-9065 [HIGH] CVE-2017-9065: wordpress - In WordPress before 4.7.5, there is a lack of capability checks for post meta da... In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. Scope: local bookworm: resolved (fixed in 4.7.5+dfsg-1) bullseye: resolved (fixed in 4.7.5+dfsg-1) forky: resolved (fixed in 4.7.5+dfsg-1) sid: resolved (fixed in 4.7.5+dfsg-1) trixie: resolved (fixed in 4.7.5+dfsg-1)

CVE-2017-9066 [HIGH] CVE-2017-9066: wordpress - In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP... In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. Scope: local bookworm: resolved (fixed in 4.7.5+dfsg-1) bullseye: resolved (fixed in 4.7.5+dfsg-1) forky: resolved (fixed in 4.7.5+dfsg-1) sid: resolved (fixed in 4.7.5+dfsg-1) trixie: resolved (fixed in 4.7.5+dfsg-1)

CVE-2017-5492 [HIGH] CVE-2017-5492: wordpress - Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibil... Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. Scope: local bookworm: resolved (fixed in 4

CVE-2017-9064 [HIGH] CVE-2017-9064: wordpress - In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exi... In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. Scope: local bookworm: resolved (fixed in 4.7.5+dfsg-1) bullseye: resolved (fixed in 4.7.5+dfsg-1) forky: resolved (fixed in 4.7.5+dfsg-1) sid: resolved (fixed in 4.7.5+dfsg-1) trixie: reso

CVE-2017-14719 [HIGH] CVE-2017-14719: wordpress - Before version 4.8.2, WordPress was vulnerable to a directory traversal attack d... Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. Scope: local bookworm: resolved (fixed in 4.8.2+dfsg-1) bullseye: resolved (fixed in 4.8.2+dfsg-1) forky: resolved (fixed in 4.8.2+dfsg-1) sid: resolved (fixed in 4.8.2+dfsg-1) trixie: resolved (fixed in 4.8.2+dfsg-1)

CVE-2017-1001000 [HIGH] CVE-2017-1001000: wordpress - The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-pos... The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-jso