Multiple security vulnerabilities in versions earlier than WordPress 4.2.4
Multiple security vulnerabilities in versions earlier than WordPress 4.2.4
Release date:
Updated on:
Affected Systems:
WordPress <4.2.4
Description:
Bugtraq id: 76160
CVE (CAN) ID: CVE-2015-2213, CVE-2015-5730, CVE-2015-5731, CVE-2015-5732
WordPress is a blog platform developed in PHP.
In versions earlier than WordPress 4.2.4, SQL injection and XSS vulnerabilities exist. Attackers can exploit these vulnerabilities to steal cookie authentication creden。, control applications, and access or modify data.
<* Source: Netanel Rubin
Johannes Schmitt
Mohamed A. Baset
*>
Suggestion:
Vendor patch:
WordPress
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://wordpress.org/
This article permanently updates the link address: