Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.
Maintainer(s): Please cleanup vulnerable versions.
The bug has been referenced in the following commit(s):
Author: Aaron Bauman <firstname.lastname@example.org>
AuthorDate: 2020-06-12 03:33:21 +0000
Commit: Aaron Bauman <email@example.com>
CommitDate: 2020-06-12 03:33:21 +0000
www-apps/wordpress: drop vulnerable
Signed-off-by: Aaron Bauman <firstname.lastname@example.org>
www-apps/wordpress/Manifest | 1 -
www-apps/wordpress/wordpress-5.4.1.ebuild | 57 -------------------------------
2 files changed, 58 deletions(-)