CVE-2015-2213
wordpress - security update
EPSS 21.2%
Description
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
How to fix CVE-2015-2213
To remediate CVE-2015-2213, upgrade the affected package to a fixed version below.
- Debian/wordpress—upgrade to 4.2.4+dfsg-1 or later
- Debian/wordpress—upgrade to 3.6.1+dfsg-1~deb6u7 or later
- Debian/wordpress—upgrade to 4.1+dfsg-1+deb8u4 or later
- —upgrade to 3.6.1+dfsg-1~deb7u8 or later
Is CVE-2015-2213 being exploited?
Moderate — EPSS is 21.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 4.2.4+dfsg-1
- from 0, < 3.6.1+dfsg-1~deb6u7
- from 0, < 4.1+dfsg-1+deb8u4
- from 0, < 3.6.1+dfsg-1~deb7u8