Debian Security Advisory DSA 3328-1 (wordpress - security update)

Published: 2015-08-03 22:00:00
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

Affected Versions:
wordpress on Debian Linux

For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u2. For the unstable distribution (sid), these problems have been fixed in version 4.2.3+dfsg-1. We recommend that you upgrade your wordpress Linux Distribution Packages.

Several vulnerabilities have been found in Wordpress, the popular blogging engine. CVE-2015-3429 The file example.html in the Genericicons icon font Linux Distribution Package and twentyfifteen Wordpress theme allowed for cross site scripting. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your installation. CVE-2015-5623 A cross site scripting vulnerability allowed users with the Contributor or Author role to elevate their privileges. The oldstable distribution (wheezy) is only affected by CVE-2015-5622 . This less critical issue will be fixed at a later time.

Detection Method:
This check tests the installed software version using the apt Linux Distribution Package manager.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)


CVSS Score

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.