This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
wordpress developers report :
Before version 4.8.2, WordPress was susceptible to a Cross-Site
Before version 4.8.2, WordPress allowed a Cross-Site scripting attack
in the template list view via a crafted template name.
Before version 4.8.2, WordPress was vulnerable to a directory
traversal attack during unzip operations in the ZipArchive and PclZip
Before version 4.8.2, WordPress allowed Cross-Site scripting in the
plugin editor via a crafted plugin name.
Before version 4.8.2, WordPress allowed a Directory Traversal attack
in the Customizer component via a crafted theme filename.
Before version 4.8.2, WordPress was vulnerable to cross-site scripting
in oEmbed discovery.
Before version 4.8.2, WordPress was vulnerable to a cross-site
scripting attack via shortcodes in the TinyMCE visual editor.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 103585 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now