1296904 – (CVE-2016-1564) CVE-2016-1564 wordpress: cross-site scripting fixed in wordpress 4.4.1

Bug 1296904 (CVE-2016-1564) - CVE-2016-1564 wordpress: cross-site scripting fixed in wordpress 4.4.1

Summary: CVE-2016-1564 wordpress: cross-site scripting fixed in wordpress 4.4.1

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2016-1564
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-01-08 11:39 UTC by Martin Prpič
Modified:	2021-02-17 04:32 UTC (History)
CC List:	3 users (show)
Fixed In Version:	wordpress 4.4.1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-01-08 14:49:14 UTC
Embargoed:

Attachments	(Terms of Use)

Description Martin Prpič 2016-01-08 11:39:50 UTC

A cross-site scripting (XSS) flaw was found in WordPress:

WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised. This was reported by Crtc4L.

This issue was fixed in the 4.4.1 release.

External References:

https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/

Comment 1 Martin Prpič 2016-01-08 14:49:14 UTC

This was fixed in Fedora and EPEL via:

wordpress-4.4.1-1.fc22
wordpress-4.4.1-1.fc23
wordpress-4.4.1-1.fc24
wordpress-4.4.1-1.el6
wordpress-4.4.1-1.el7
wordpress-4.4.1-1.el5

Note You need to log in before you can comment on or make changes to this bug.