| VID |
22773 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of WordPress software which is older than version 4.7.2 is detected as installed on the host. WordPress is a freely available PHP-based publication program that uses a MySQL backend database. WordPress versions prior to 4.7.2 are vulnerable to multiple vulnerabilities.
- An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-5610)
- A SQL injection (SQLi) vulnerability exists in the class-wp-query.php script due to a failure to sanitize input to post type names. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2017-5611)
- A cross-site scripting (XSS) vulnerability exists in the class-wp-posts-list-table.php script due to improper validation of input to the posts list table. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5612)
* Note: This check solely relied on the version number of the WordPress software installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
https://codex.wordpress.org/Version_4.7.2
* Platforms affected:
WordPress versions prior to 4.7.2
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of WordPress (4.7.2 or later), available from the WordPress Download Web site at http://wordpress.org/download/ |
| Related URL |
CVE-2017-5610,CVE-2017-5611,CVE-2017-5612 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
