VID |
22650 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
A version of WordPress software which is older than 3.9.2 is detected as installed on the host. WordPress is a freely available PHP-based publication program that uses a MySQL backend database. WordPress versions earlier than 3.9.2 are vulnerable to multiple vulnerabilities.
- An XML injection flaw exists within 'getid3.lib.php' due to the parser accepting XML external entities from untrusted sources. Using specially crafted XML data, a remote attacker could access sensitive information or cause a denial of service. - An XML injection flaw exists within 'xmlrpc.php' due to the parser accepting XML internal entities without properly validating them. Using specially crafted XML data, a remote attacker could cause a denial of service. - An unsafe serialization flaw exists in the script '/src/wp-includes/class-wp-customize-widgets.php' when processing widgets. This could allow a remote attacker to execute arbitrary code. - A flaw exists when building CSRF tokens due to it not separating pieces by delimiter and not comparing nonces in a time-constant manner. This could allow a remote attacker to conduct a brute force attack and potentially disclose the CSRF token. - A cross-site scripting flaw exists in the function 'get_avatar' within the '/src/wp-includes/pluggable.php' script where input from the avatars is not validated before returning it to the user. Using a specially crafted request, an authenticated attacker could execute arbitrary script code within the browser / server trust relationship.
* Note: This check solely relied on the version number of the WordPress software installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References: https://wordpress.org/news/2014/08/wordpress-3-9-2/ http://codex.wordpress.org/Version_3.9.2 http://seclists.org/oss-sec/2014/q3/301
* Platforms affected: WordPress versions 3.9.2 earlier Any operating system Any version |
Recommendation |
Upgrade to the latest version of WordPress (3.9.2 or later), available from the WordPress Download Web site at http://wordpress.org/download/ |
Related URL |
CVE-2014-2053,CVE-2014-5203,CVE-2014-5204,CVE-2014-5205,CVE-2014-5240,CVE-2014-5265,CVE-2014-5266 (CVE) |
Related URL |
69096 (SecurityFocus) |
Related URL |
(ISS) |
|