Common Vulnerabilities and Exposures assigned an identifier CVE-2012-2403 to the following vulnerability: wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. References: http://core.trac.wordpress.org/changeset/20493/branches/3.3/wp-includes/capabilities.php http://core.trac.wordpress.org/changeset/20493/branches/3.3/wp-includes/formatting.php http://wordpress.org/news/2012/04/wordpress-3-3-2/
This issue affects the versions of the wordpress package, as shipped with Fedora release of 15 and 16. -- This issue affects the versions of the wordpress package, as shipped with Fedora EPEL 5 and Fedora EPEL 6.
This issue is scheduled to be corrected via the following updates: 1) wordpress-3.3.2-2.el6 for Fedora EPEL 6, 2) wordpress-3.3.2-2.fc16 for Fedora 16, 3) wordpress-3.3.2-2.fc15 for Fedora 15.
Created wordpress tracking bugs for this issue Affects: epel-all [bug 815401]
wordpress-3.3.2-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-3.3.2-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-3.3.2-2.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-3.3.2-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.