|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for wordpress (DLA-2269-1)|
|Summary:||The remote host is missing an update for the 'wordpress' package(s) announced via the DLA-2269-1 advisory.|
The remote host is missing an update for the 'wordpress'
package(s) announced via the DLA-2269-1 advisory.
Several vulnerabilities were discovered in WordPress, a web
blogging tool. They allowed remote attackers to perform
various Cross-Site Scripting (XSS) attacks, create open
redirects, escalate privileges, and bypass authorization.
In affected versions of WordPress, users with low
privileges (like contributors and authors) can use the
embed block in a certain way to inject unfiltered HTML
in the block editor. When affected posts are viewed by a
higher privileged user, this could lead to script
execution in the editor/wp-admin.
In affected versions of WordPress, authenticated users with
upload permissions (like authors) are able to inject JavaScript
into some media file uploads in a certain way. This can lead to
script execution in the context of a higher privileged user when
the file is viewed by them.
In affected versions of WordPress, due to an issue in
wp_validate_redirect() and URL sanitization, an arbitrary
external link can be crafted leading to unintended/open
redirect when clicked.
In affected versions of WordPress, when uploading themes, the
name of the theme folder can be crafted in a way that could lead
to JavaScript execution in /wp-admin on the themes page. This does
require an admin to upload the theme, and is low severity self-XSS.
In affected versions of WordPress, misuse of the
`set-screen-option` filter's return value allows arbitrary
user meta fields to be saved. It does require an admin to
install a plugin that would misuse the filter. Once installed,
it can be leveraged by low privileged users.
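The filter misuse described above, shown as an added example (this code is not part of the advisory, of Greenbone's test, or of WordPress core or any real plugin). The plugin name, the option name `myplugin_items_per_page` and the submitted request are assumptions; the `add_filter`/`apply_filters`/`update_user_meta` stand-ins and `simulate_set_screen_options()` are a minimal model of the default branch of core's `set_screen_options()`, which passes the request-supplied option name and value through `set-screen-option` and saves whatever comes back as user meta unless it is exactly `false`. A callback that returns `$value` for every option therefore lets any logged-in user with a screen-options form write an arbitrary user-meta key for their own account; the hardened callback only claims its own option and returns the incoming `$status` for everything else.

```php
<?php
// Added example: vulnerable vs. hardened `set-screen-option` callback.
// Minimal hook-API stand-ins so the file runs outside WordPress (assumption:
// real core behaves like simulate_set_screen_options() below).
$filters   = [];
$user_meta = [];   // stands in for the current user's rows in wp_usermeta

function add_filter(string $tag, callable $cb, int $prio = 10, int $args = 1): void {
    global $filters;
    $filters[$tag][] = [$cb, $args];
}

function apply_filters(string $tag, $value, ...$extra) {
    global $filters;
    foreach ($filters[$tag] ?? [] as [$cb, $args]) {
        $value = $cb(...array_slice(array_merge([$value], $extra), 0, $args));
    }
    return $value;
}

function update_user_meta(int $user_id, string $key, $value): void {
    global $user_meta;
    $user_meta[$user_id][$key] = $value;
}

// Model of the "default:" branch of set_screen_options(): for an option name
// core does not recognise, the filter result is stored verbatim unless it is
// exactly false. (Real core first requires the name to pass sanitize_key().)
function simulate_set_screen_options(int $user_id, array $post): void {
    $option = $post['wp_screen_options']['option'];
    $value  = $post['wp_screen_options']['value'];
    $value  = apply_filters('set-screen-option', false, $option, $value);
    if (false === $value) {
        return;                               // nothing saved
    }
    update_user_meta($user_id, $option, $value);
}

// VULNERABLE: accepts every option name, so the request decides the meta key.
function vulnerable_set_screen_option($status, $option, $value) {
    return $value;
}

// HARDENED: only handles its own option and coerces/ranges the value;
// every other option is left as $status (false), so core saves nothing.
function hardened_set_screen_option($status, $option, $value) {
    if ('myplugin_items_per_page' !== $option) {
        return $status;
    }
    $value = (int) $value;
    return ($value >= 1 && $value <= 999) ? $value : $status;
}

// Constructed request: a low-privileged user submits the screen-options form
// with a meta key of their choosing instead of the plugin's own option.
$request = ['wp_screen_options' => [
    'option' => 'some_other_meta_key',
    'value'  => 'attacker-controlled',
]];

add_filter('set-screen-option', 'vulnerable_set_screen_option', 10, 3);
simulate_set_screen_options(7, $request);
var_dump($user_meta);   // some_other_meta_key => "attacker-controlled" is written

$filters = []; $user_meta = [];
add_filter('set-screen-option', 'hardened_set_screen_option', 10, 3);
simulate_set_screen_options(7, $request);
var_dump($user_meta);   // empty: the unknown option is not saved
```

Run it with `php example.php`. When auditing a site, grep installed plugins for `add_filter( 'set-screen-option'` and check that each callback compares `$option` against the name(s) it owns before returning anything other than the incoming `$status`.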
'wordpress' package(s) on Debian Linux.
For Debian 8 'Jessie', these problems have been fixed in version
We recommend that you upgrade your wordpress packages.
Common Vulnerability Exposure (CVE) ID: CVE-2020-4046
Debian Security Information: DSA-4709
Common Vulnerability Exposure (CVE) ID: CVE-2020-4047
Common Vulnerability Exposure (CVE) ID: CVE-2020-4048
Common Vulnerability Exposure (CVE) ID: CVE-2020-4049
Common Vulnerability Exposure (CVE) ID: CVE-2020-4050
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|