Files
ports/www/wordpress
Xin LI 122fc90edc www/wordpress: upgrade to 6.9.4 (security)
Upstream does not offer localized tarballs for 6.9.4, so download the
6.9.1 tarballs and apply files/patch-6.9.1-to-6.9.4 instead.

Security fixes in 6.9.2:
- Blind SSRF
- PoP-chain weakness in HTML API and Block Registry
- Regex DoS in Numeric Character References
- Stored XSS in Nav Menus
- AJAX query-attachments Authorization Bypass
- Stored XSS via data-wp-bind directive
- XSS allowing override of client-side templates in admin area
- PclZip Path Traversal
- Authorization Bypass on Notes feature
- XXE in external getID3 library

Bug fix in 6.9.3:
- Restore compatibility for themes using stringable objects with the
  template_include filter (regression introduced in 6.9.2)

Security fixes in 6.9.4 (incomplete fixes from 6.9.2 re-addressed):
- PclZip Path Traversal
- Authorization Bypass on Notes feature
- XXE in external getID3 library
2026-03-11 20:57:10 -07:00
..