Source: wordpress Version: 4.9.7+dfsg1-1 Severity: normal Tags: security upstream Forwarded: https://core.trac.wordpress.org/ticket/44710
Hi, The following vulnerability was published for wordpress, so we can track the upstream status filling the bug, I think the impact is quite limited if I understand correctly. CVE-2018-14028[0]: | In WordPress 4.9.7, plugins uploaded via the admin area are not | verified as being ZIP files. This allows for PHP files to be uploaded. | Once a PHP file is uploaded, the plugin extraction fails, but the PHP | file remains in a predictable wp-content/uploads location, allowing | for an attacker to then execute the file. This represents a security | risk in limited scenarios where an attacker (who does have the | required capabilities for plugin uploads) cannot simply place | arbitrary PHP code into a valid plugin ZIP file and upload that | plugin, because a machine's wp-content/plugins directory permissions | were set up to block all new plugins. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-14028 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14028 Please adjust the affected versions in the BTS as needed. Regards, Salvatore