FreeBSD : wordpress -- multiple issues (a48d4478-e23f-4085-8ae4-6b3a7b6f016b)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

WordPress developers report :

Before version 4.8.2, WordPress was susceptible to a Cross-Site
Scripting attack in the link modal via a javascript: or data: URL.

Before version 4.8.2, WordPress allowed a cross-site scripting attack
in the template list view via a crafted template name.

Before version 4.8.2, WordPress was vulnerable to a directory
traversal attack during unzip operations in the ZipArchive and PclZip
components.

Before version 4.8.2, WordPress allowed cross-site scripting in the
plugin editor via a crafted plugin name.

Before version 4.8.2, WordPress allowed a directory traversal attack
in the Customizer component via a crafted theme filename.

Before version 4.8.2, WordPress was vulnerable to cross-site scripting
in oEmbed discovery.

Before version 4.8.2, WordPress was vulnerable to a cross-site
scripting attack via shortcodes in the TinyMCE visual editor.

See also :

http://www.securityfocus.com/bid/100912
http://www.nessus.org/u?dadf2914
https://core.trac.wordpress.org/changeset/41393
https://core.trac.wordpress.org/changeset/41395
https://core.trac.wordpress.org/changeset/41397
https://core.trac.wordpress.org/changeset/41412
https://core.trac.wordpress.org/changeset/41448
https://core.trac.wordpress.org/changeset/41457
https://wpvulndb.com/vulnerabilities/8911
https://wpvulndb.com/vulnerabilities/8912
https://wpvulndb.com/vulnerabilities/8913
https://wpvulndb.com/vulnerabilities/8914
http://www.nessus.org/u?c584427a

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 103585

Bugtraq ID:

CVE ID: CVE-2017-14718
CVE-2017-14719
CVE-2017-14720
CVE-2017-14721
CVE-2017-14722
CVE-2017-14724
CVE-2017-14726
