Hi Craig,

On Thu, Mar 14, 2019 at 09:20:05PM +1100, Craig Small wrote:
> Source: wordpress
> Version: 5.0.3+dfsg1-1
> Severity: important
> Tags: security
> This release also includes a pair of security fixes that handle how
> comments are filtered and then stored in the database. With a
> maliciously crafted comment, a WordPress post was vulnerable to
> cross-site scripting.
> WordPress versions 5.1 and earlier are affected by these bugs, which
> are fixed in version 5.1.1. Updated versions of WordPress 5.0 and
> earlier are also available for any users who have not yet updated to
> 5.1.

Can you request a CVE for the XSS issue? Or respectively for the
issues fixed in that release?


Reply via email to