Korean
<< Back
VID 22650
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description A version of WordPress software which is older than 3.9.2 is detected as installed on the host. WordPress is a freely available PHP-based publication program that uses a MySQL backend database. WordPress versions earlier than 3.9.2 are vulnerable to multiple vulnerabilities.

- An XML injection flaw exists within 'getid3.lib.php' due to the parser accepting XML external entities from untrusted sources. Using specially crafted XML data, a remote attacker could access sensitive information or cause a denial of service.
- An XML injection flaw exists within 'xmlrpc.php' due to the parser accepting XML internal entities without properly validating them. Using specially crafted XML data, a remote attacker could cause a denial of service.
- An unsafe serialization flaw exists in the script '/src/wp-includes/class-wp-customize-widgets.php' when processing widgets. This could allow a remote attacker to execute arbitrary code.
- A flaw exists when building CSRF tokens due to it not separating pieces by delimiter and not comparing nonces in a time-constant manner. This could allow a remote
attacker to conduct a brute force attack and potentially disclose the CSRF token.
- A cross-site scripting flaw exists in the function 'get_avatar' within the '/src/wp-includes/pluggable.php' script where input from the avatars is not validated before returning it to the user. Using a specially crafted request, an authenticated attacker could execute arbitrary script code within the browser / server trust relationship.

* Note: This check solely relied on the version number of the WordPress software installed on the remote Web server to assess this vulnerability, so this might be a false positive.

* References:
https://wordpress.org/news/2014/08/wordpress-3-9-2/
http://codex.wordpress.org/Version_3.9.2
http://seclists.org/oss-sec/2014/q3/301

* Platforms affected:
WordPress versions 3.9.2 earlier
Any operating system Any version
Recommendation Upgrade to the latest version of WordPress (3.9.2 or later), available from the WordPress Download Web site at http://wordpress.org/download/
Related URL CVE-2014-2053,CVE-2014-5203,CVE-2014-5204,CVE-2014-5205,CVE-2014-5240,CVE-2014-5265,CVE-2014-5266 (CVE)
Related URL 69096 (SecurityFocus)
Related URL (ISS)