IMPORTANT: cPanel Security Notice 2013-09-25: WordPress 3.6.1

Administrator · September 25, 2013

SUMMARY

Three CVEs were reported for WordPress 3.6 and WordPress has released
an upgraded version to address theses vulnerabilities. cPanel has
updated the WordPress version delivered via the cPAddons functionality
in WHM to the new version of 3.6.1.

AFFECTED VERSIONS
All versions of WordPress 3.6.0 and below.

SECURITY RATING
US-CERT/NIST has given the following severities for the WordPress
vulnerabilities:

CVE-2013-4338
CVSS v2 Base Score: 7.5 (HIGH)

CVE-2013-4339
CVSS v2 Base Score: 7.5 (HIGH)

CVE-2013-4339
CVSS v2 Base Score: 3.5 (LOW)

SOLUTION
cPanel, Inc. has updated the version of WordPress in the cPAddons
system to 3.6.1. The cPanel Security Team highly recommends that
all installations of WordPress be update on your servers. The WHM
Admins can upgrade the installations of WordPress on their servers
using the Manage cPAddons Site Software functionality in WHM. cPanel
account users may also update from the WordPress link in the Site
Software section of their cPanel account interface.

REFERENCES

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4338

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4339

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340

http://wordpress.org/news/2013/09/wordpress-3-6-1/

For the PGP signed message go here

View the full article