WordPress 3.5.2 update.

Jun 22, 2013, 12:11

Today the well-known blogging platform WordPress brings us a new update, resolving a number of security issues as well as other fixes.


 

Change log:

* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.
* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.

Files revised:

readme.html
wp-admin/includes/media.php
wp-admin/includes/class-wp-importer.php
wp-admin/includes/file.php
wp-admin/includes/post.php
wp-admin/includes/upgrade.php
wp-admin/includes/schema.php
wp-admin/includes/class-wp-upgrader.php
wp-admin/includes/update-core.php
wp-admin/update.php
wp-admin/about.php
wp-admin/edit-form-advanced.php
wp-login.php
wp-includes/class-wp-xmlrpc-server.php
wp-includes/rss.php
wp-includes/functions.php
wp-includes/formatting.php
wp-includes/post.php
wp-includes/media-template.php
wp-includes/deprecated.php
wp-includes/wp-db.php
wp-includes/user.php
wp-includes/class-wp-admin-bar.php
wp-includes/version.php
wp-includes/class-phpass.php
wp-includes/comment.php
wp-includes/pluggable.php
wp-includes/class-feed.php
wp-includes/script-loader.php
wp-includes/class-http.php
wp-includes/js/media-editor.min.js
wp-includes/js/swfupload/swfupload-all.js
wp-includes/js/swfupload/handlers.js
wp-includes/js/swfupload/handlers.min.js
wp-includes/js/swfupload/swfupload.swf
wp-includes/js/plupload/handlers.js
wp-includes/js/plupload/handlers.min.js
wp-includes/js/tinymce/wp-tinymce.js.gz
wp-includes/js/tinymce/plugins/media/moxieplayer.swf
wp-includes/js/tinymce/tiny_mce.js
wp-includes/js/media-editor.js
wp-includes/class-oembed.php
wp-includes/post-template.php
wp-includes/http.php

 
