[SECURITY] [DSA 6075-1] wordpress security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6075-1] wordpress security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 9 Dec 2025 23:42:25 +0000
Message-id: <[🔎] aTiz4WFOpa6_Zktz@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6075-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 10, 2025                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2024-4439 CVE-2024-6307 CVE-2024-31111 CVE-2025-58246 
                 CVE-2025-58674

Multiple security issues were discovered in the WordPress blogging tool,
which could result in cross-site scripting or information disclosure.

For the oldstable distribution (bookworm), these problems have been fixed
in version 6.1.9+dfsg1-0+deb12u1.

We recommend that you upgrade your wordpress packages.

For the detailed security status of wordpress please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wordpress

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmk4s7YACgkQEMKTtsN8
TjZpLw/+O/BrtNv8nGeMvfqgV60DVWE2sVfqyL6ytZqiMeksTlgB9009yWU/Eh4o
z2Lub0Y6+MXnRSsvvamiyLwcotnVpiOmCth8ERVWNkPxFkXaD0dLcejnFj3/jaTU
HTAJlZeX8O9UgzPgFrdzZRzoQpU1xpLI699Ixn9DOD5wM0ZYnmlezGfJQaMysQd6
9syYsWnf7AzP+T+Z4N6Fz5XGadk6V+cFC1UYf1NMr6f1h/65wy5+/MF+R74v1o35
AKFlKiNUWWm5psWQwhAigm1sCyhI/mvaeqmPIpzuLTG8fNyBRxJHW0Hc//hllxyD
yBEaQ/6EsdBNeLIhKhB8uijMgthKKdIvzMPjKu5y1gZZvMkju2X3Yap8YODv2Tpk
PT+U2Icf9/SqemJkAlgRhIhb8wHrlqUZoRbb69QyeGmDGrauw1L1WW4FkWZFJPSG
SZIgHzfKIlpsTJR5ecWCFhgS9klKkjCdfrli60jDnNG/88LlsVI2fJJFBOBG4g8d
XfcL6XqS75BIBT5NIxpD2532ATYw1GEotzEkjf3pq3IPM/MDfyNYEmQECLktyneM
nx4zfoaDBJdKgePpfvS3Ol7g9gE/IFraOpPuBYpVyKPcYVHFjRkfnvUS4t4AI9Fv
nFc1iSv6iSDDgy8ERYoU3rteu106XkSFodTgsng3Lh/zOEXR/cc=
=byDd
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6074-1] webkit2gtk security update
Next by Date: [SECURITY] [DSA 6076-1] libpng1.6 security update
Previous by thread: [SECURITY] [DSA 6074-1] webkit2gtk security update
Next by thread: [SECURITY] [DSA 6076-1] libpng1.6 security update
Index(es):
- Date
- Thread