Bug#1003243: wordpress: WordPress 5.8.3 Security Release

Thu, 06 Jan 2022 13:48:17 -0800 

Package: wordpress
Version: 5.8.2+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

WordPress have released version 5.8.3 which fixes 4 security bugs.
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/

 * An issue with stored XSS through post slugs.
   CVE-2022-21662 - Stored XSS through authenticated users
   
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
   https://hackerone.com/reports/425342


 * An issue with Object injection in some multisite installations.
   CVE-2022-21663 - Authenticated Object Injection in Multisites
   
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
   https://hackerone.com/reports/541469


 * A SQL injection vulnerability in WP_Query.
   CVE-2022-21661 - WordPress: SQL Injection through WP_Query
   
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
   https://hackerone.com/reports/1378209

 * A SQL injection vulnerability in WP_Meta_Query
   CVE-2022-21664 - SQL injection due to improper sanitization in WP_Meta_Query
   
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86

Reply via email to