漏洞类别:CGI
漏洞等级: 
漏洞信息
WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system.
WordPress versions prior to 4.6.1 contain the following vulnerabilities:
a cross-site scripting (XSS) vulnerability via image filename
a path traversal vulnerability in the upgrade package uploader
Affected Versions:
WordPress prior to 4.6.1
漏洞危害
Depending on the vulnerability being exploited, a remote attacker could conduct XSS attacks or access sensitive information by traversing through unauthorized directories.
解决方案
Customers are advised to install WordPress 4.6.1 or later versions to remediate the vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论