Hello Craig, while I was preparing a Wordpress update for Jessie I discovered that CVE-2018-14028 has not been fixed yet. The upstream ticket is still open
https://core.trac.wordpress.org/ticket/44710 and there was no mention of a fix in the release changelog of version 4.9.8. https://wordpress.org/support/wordpress-version/version-4.9.8/ I believe it is best to keep this bug report open until upstream closes 44710 eventually. Regards, Markus
signature.asc
Description: OpenPGP digital signature

