VID: 22733
Severity: 30
Port: 80, ...
Protocol: TCP
Class: CGI
Detailed Description
A version of WordPress older than 4.5.3 was detected on the host. WordPress is a freely available PHP-based publishing platform that uses a MySQL backend database. WordPress versions prior to 4.5.3 are affected by multiple vulnerabilities:
- An unspecified flaw exists in the Customizer component that allows an unauthenticated, remote attacker to perform a redirect bypass. (VulnDB 140310)
- Multiple cross-site scripting vulnerabilities exist due to improper validation of user-supplied input when handling attachment names. An unauthenticated, remote attacker can exploit these issues, via a specially crafted request, to execute arbitrary script code in a user's browser session. (VulnDB 140311)
- An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to disclose revision history. (VulnDB 140312)
- An unspecified flaw exists in oEmbed that allows an unauthenticated, remote attacker to cause a denial of service condition. (VulnDB 140313)
- An unspecified flaw exists that allows an unauthenticated, remote attacker to remove categories from posts. (VulnDB 140314)
- An unspecified flaw exists that is triggered when handling stolen cookies. An unauthenticated, remote attacker can exploit this to change user passwords. (VulnDB 140315)
- Multiple unspecified flaws exist in the sanitize_file_name() function that allow an unauthenticated, remote attacker to have an unspecified impact. (VulnDB 140316)
* Note: This check relied solely on the version number of the WordPress software installed on the remote Web server to assess this vulnerability, so the finding may be a false positive.
* References: https://wordpress.org/news/2016/06/wordpress-4-5-3/
* Platforms affected: WordPress versions prior to 4.5.3; any operating system, any version
Recommendation
Upgrade to the latest version of WordPress (4.5.3 or later), available from the WordPress Download Web site at http://wordpress.org/download/