Enquiry in fixes to latest vulnerabilities

lksorak · Member · Sep 22, 2015 at 2:35 am
Copy link

Add topic to favorites
I would like to check whether the online version has these WordPress fixes :
1. Cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714).
2. A potential privilege escalation (CVE-2015-5715).

Thanks.

The blog I need help with is: (visible only to logged in users)
ehtis · Staff · Sep 22, 2015 at 11:05 am
Copy link
Hi there,

Thread has already been tagged for staff assistance by someone, so an official reply should be on its way soon.

However, I’d like to add that those vulnerabilities were fixed in the 4.3.1 release of the WordPress software.

The hosted WordPress.com platform probably have some additional protections as well, it might also be running the latest version with some modifications, but I guess the exact details are not publicly disclosed.
staff-ozmodiar · Staff · Sep 23, 2015 at 5:11 am
Copy link
As has been noted, those vulnerabilities were related to the self-hosted WordPress.org version of WordPress.

While similar in many ways, WordPress.org and WordPress.com are different.

WordPress.com vs. WordPress.org

WordPress.com was not affected by those vulnerabilities.

The topic ‘Enquiry in fixes to latest vulnerabilities’ is closed to new replies.

Couldn't find what you needed?

Contact us

Get answers from our AI assistant, with access to 24/7 expert human support on paid plans.

Browse our guides

Find step-by-step solutions to common questions in our comprehensive guides.