When the Wolf CMS team finds and fixes an important security problem that cannot wait until the next release, we will release a security patch. Each patch describes the problem and should be applied to the version of Wolf CMS that is mentioned in the accompanying documentation.
Below you can find a list of security related patches for Wolf CMS. Please apply them to your installation if you have not done so already.
Security Patch 1
- Download Patch from 0.7.5 to 0.7.5-SP1
Users of Wolf CMS 0.7.5 are advised to patch their systems with the SP1 (Security Patch) patch. The patch affects only the files included in the zip file above. Just replace the old files in your system with the new ones from the download above.
Risk level – Moderate.
Description – A number of CSRF vulnerabilities were reported and fixed which could allow a remote attacker to abuse certain Wolf CMS functions by manipulating the URL. Exploiting these vulnerabilities depend on the attacker first acquiring a valid session from a user with administrative privileges.
Note – Some users might encounter a message “This plugin CANNOT be enabled! It requires Wolf version 0.7.5.” with some third party plugins for 0.7.5-SP1. If you encounter this message, please change the CMS_VERSION variable in index.php back to “0.7.5”.