Debian LTS Advisory ([SECURITY] [DLA 1366-1] wordpress security update)

Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2018-10100 The redirection URL for the login page was not validated or sanitized if forced to use HTTPS. CVE-2018-10102 The version string was not escaped in the get_the_generator function, and could lead to cross-site scripting (XSS) in a generator tag.

wordpress on Debian Linux

This check tests the installed software version using the apt package manager.

For Debian 7 'Wheezy', these problems have been fixed in version 3.6.1+dfsg-1~deb7u21. We recommend that you upgrade your wordpress packages.