Changelog
wordpress (4.8.2+dfsg-1) unstable; urgency=high

  * New upstream security release fixes 9 security issues closes: #876274
    CVE IDs will be updated when issued
    - CVE-2017-XXX
      $wpdb->prepare() can create unexpected and unsafe queries leading to
      potential SQL injection (SQLi)
    - CVE-2017-TBA
      Cross-site scripting (XSS) vulnerability in the oEmbed discovery
    - CVE-2017-TBA
      Cross-site scripting (XSS) vulnerability in the visual editor
    - CVE-2017-TBA
      Path traversal vulnerability in the file unzipping code
    - CVE-2017-TBA
      Cross-site scripting (XSS) vulnerability in the plugin editor
    - CVE-2017-TBA
      Open redirect in the user and term edit screens
    - CVE-2017-TBA
      Path traversal vulnerability in the customizer
    - CVE-2017-TBA
      Cross-site scripting (XSS) vulnerability in template names
    - CVE-2017-TBA
      Cross-site scripting (XSS) vulnerability in the link modal

 -- Craig Small <email address hidden>  Fri, 22 Sep 2017 21:57:06 +1000