
Debian alert DLA-4358-1 (wordpress)

From:  Utkarsh Gupta <guptautkarsh2102@gmail.com>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 4358-1] wordpress security update
Date:  Mon, 03 Nov 2025 09:57:05 +0100
Message-ID:  <CAPP0f94ieNpDNzOOVJSyKX87j2zdVDBPmJ7zQiPJvKB77FW0rQ@mail.gmail.com>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4358-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Utkarsh Gupta
November 02, 2025                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : wordpress
Version        : 5.7.14+dfsg1-0+deb11u1
CVE ID         : CVE-2024-6307 CVE-2024-31111 CVE-2025-58246 CVE-2025-58674
Debian Bug     : 1074486 1117047

Several security vulnerabilities have been discovered in WordPress, a
popular content management framework.

CVE-2024-6307

    WordPress Core is vulnerable to stored Cross-Site Scripting via
    the HTML API due to insufficient input sanitization and output
    escaping on URLs. This makes it possible for authenticated
    attackers, with contributor-level access and above, to inject
    arbitrary web scripts in pages that will execute whenever a user
    accesses an injected page.

CVE-2024-31111

    Improper neutralization of input during web page generation
    (XSS or "Cross-site Scripting") vulnerability in Automattic
    WordPress allows Stored XSS.

CVE-2025-58246

    Insertion of sensitive information into sent data vulnerability
    in WordPress allows retrieval of embedded sensitive data.

CVE-2025-58674

    Improper neutralization of input during web page generation
    ("Cross-site Scripting") vulnerability in WordPress allows
    Stored XSS.

For Debian 11 bullseye, these problems have been fixed in version
5.7.14+dfsg1-0+deb11u1.

We recommend that you upgrade your wordpress packages.

For the detailed security status of wordpress please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wordpress

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



