| VID |
22649 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of WordPress software which is older than 3.8.4 is detected as installed on the host. WordPress is a freely available PHP-based publication program that uses a MySQL backend database. WordPress versions earlier than 3.8.4 are vulnerable to multiple vulnerabilities.
- An XML injection flaw exists within 'getid3.lib.php' due to the parser accepting XML external entities from untrusted sources. Using specially crafted XML data, a remote attacker could access sensitive information or cause a denial of service.
- An XML injection flaw exists within 'xmlrpc.php' due to the parser accepting XML internal entities without properly validating them. Using specially crafted XML data, a remote attacker could cause a denial of service.
- A flaw exists when building CSRF tokens due to it not separating pieces by delimiter and not comparing nonces in a time-constant manner. This could allow a remote
attacker to conduct a brute force attack and potentially disclose the CSRF token.
* Note: This check solely relied on the version number of the WordPress software installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
https://wordpress.org/news/2014/08/wordpress-3-9-2/
http://codex.wordpress.org/Version_3.8.4
http://seclists.org/oss-sec/2014/q3/301
* Platforms affected:
WordPress versions 3.8.4 earlier
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of WordPress (3.8.4 or later), available from the WordPress Download Web site at http://wordpress.org/download/ |
| Related URL |
CVE-2014-2053,CVE-2014-5205,CVE-2014-5240,CVE-2014-5265,CVE-2014-5266 (CVE) |
| Related URL |
69096 (SecurityFocus) |
| Related URL |
(ISS) |
|
