SUMMARY
Three CVEs were reported for WordPress 3.6 and WordPress has released
an upgraded version to address theses vulnerabilities. cPanel has
updated the WordPress version delivered via the cPAddons functionality
in WHM to the new version of 3.6.1.
AFFECTED VERSIONS
All versions of WordPress 3.6.0 and below.
SECURITY RATING
US-CERT/NIST has given the following severities for the WordPress
vulnerabilities:
CVE-2013-4338
CVSS v2 Base Score: 7.5 (HIGH)
CVE-2013-4339
CVSS v2 Base Score: 7.5 (HIGH)
CVE-2013-4339
CVSS v2 Base Score: 3.5 (LOW)
SOLUTION
cPanel, Inc. has updated the version of WordPress in the cPAddons
system to 3.6.1. The cPanel Security Team highly recommends that
all installations of WordPress be update on your servers. The WHM
Admins can upgrade the installations of WordPress on their servers
using the Manage cPAddons Site Software functionality in WHM. cPanel
account users may also update from the WordPress link in the Site
Software section of their cPanel account interface.
REFERENCES
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340
For the PGP signed message go here