Administrator Posted September 25, 2013 Share Posted September 25, 2013 SUMMARY Three CVEs were reported for WordPress 3.6 and WordPress has releasedan upgraded version to address theses vulnerabilities. cPanel hasupdated the WordPress version delivered via the cPAddons functionalityin WHM to the new version of 3.6.1. AFFECTED VERSIONSAll versions of WordPress 3.6.0 and below. SECURITY RATINGUS-CERT/NIST has given the following severities for the WordPressvulnerabilities: CVE-2013-4338CVSS v2 Base Score: 7.5 (HIGH) CVE-2013-4339CVSS v2 Base Score: 7.5 (HIGH) CVE-2013-4339CVSS v2 Base Score: 3.5 (LOW) SOLUTIONcPanel, Inc. has updated the version of WordPress in the cPAddonssystem to 3.6.1. The cPanel Security Team highly recommends thatall installations of WordPress be update on your servers. The WHMAdmins can upgrade the installations of WordPress on their serversusing the Manage cPAddons Site Software functionality in WHM. cPanelaccount users may also update from the WordPress link in the SiteSoftware section of their cPanel account interface. REFERENCES http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4338 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340 http://wordpress.org/news/2013/09/wordpress-3-6-1/ For the PGP signed message go here View the full article Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now