Bugzilla – Bug 1022445
VUL-1: CVE-2017-5611: wordpress: SQLi when passing unsafe data
Last modified: 2017-02-04 09:35:26 UTC
WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.
WordPress core is not directly vulnerable to this issue, but we've added
hardening to prevent plugins and themes from accidentally causing a
vulnerability. Reported by Mo Jangda (batmoo).
4.6.1 version for TW|42.(1|2) in server:php:applications repo.
bugbot adjusting priority
the SUSE security team does not cover packages not currently in the distribution. Not treating as an incident, assign/cc community maintainers.
update packages in server:php:applications to version 7.7.2