| VID |
210173 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its self-reported version number, the WordPress application running on the remote web server is affected by multiple vulnerabilities:
- A cross-site request forgery (XSRF) vulnerability exists in the comment form due to improper validation. A remote attacker can exploit this by tricking a user into visiting a specially crafted web page, allowing the attacker to create comments on the administrator's behalf.
- A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.
* References:
https://wordpress.org/support/wordpress-version/version-5-1-1/
* Platforms Affected:
WordPress prior to 5.1.1
Any operating system Any version |
| Recommendation |
Upgrade to the version (5.1.1 or later) fixed this vulnerability, available from the WordPress Download Web page at http://wordpress.org/download/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
