Wordpress: Multiple vulnerabilities — GLSA 200506-04

Wordpress contains SQL injection and XSS vulnerabilities.

Affected Packages

www-apps/wordpress on all architectures
Affected versions < 1.5.1.2
Unaffected versions >= 1.5.1.2

Background

WordPress is a PHP and MySQL based content management and publishing system.

Description

Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks.

Impact

An attacker could use the SQL injection vulnerabilities to gain information from the database. Furthermore the cross-site scripting issues give an attacker the ability to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser.

Workaround

There is no known workaround at this time.

Resolution

All Wordpress users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.5.1.2"

References

Release Date
June 06, 2005

Latest Revision
May 22, 2006: 02

Severity
normal

Exploitable
remote

Bugzilla entries