From URL: WordPress versions 4.7.1 and earlier are affected by three security issues:

1. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.

~ eleix (Security Padawan)

Reproducible: Didn't try
Maintainer(s), please drop the vulnerable version(s) non-stable package, security please close with noglsa.
CVE Assignment Request: http://seclists.org/oss-sec/2017/q1/207
Fixed version not yet in repository.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93ed5e4e3abc439230d66e1b3ab30721fa420430