FreeBSD : wordpress -- multiple vulnerabilities (54e50cd9-c1a8-11e6-ae1b-002590263bf5)

high Nessus Plugin ID 95786

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Jeremy Felt reports:

WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?be1e697e

http://www.nessus.org/u?a0632c97

Plugin Details

Severity: High

ID: 95786

File Name: freebsd_pkg_54e50cd9c1a811e6ae1b002590263bf5.nasl

Version: 3.3

Type: local

Published: 12/14/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:de-wordpress, p-cpe:/a:freebsd:freebsd:ja-wordpress, p-cpe:/a:freebsd:freebsd:ru-wordpress, p-cpe:/a:freebsd:freebsd:wordpress, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_cn, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_tw, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/14/2016

Vulnerability Publication Date: 9/7/2016