Detections
Analytics

FreeBSD : wordpress -- multiple issues (a2589511-d6ba-11e7-88dd-00e04c1ea73d)

high Nessus Plugin ID 104983

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

wordpress developers reports :

Use a properly generated hash for the newbloguser key instead of a determinate substring.

Add escaping to the language attributes used on html elements.

Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.

Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?383c32fd

http://www.nessus.org/u?cdf0909e

Plugin Details

Severity: High

ID: 104983

File Name: freebsd_pkg_a2589511d6ba11e788dd00e04c1ea73d.nasl

Version: 3.4

Type: local

Published: 12/4/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:de-wordpress, p-cpe:/a:freebsd:freebsd:fr-wordpress, p-cpe:/a:freebsd:freebsd:ja-wordpress, p-cpe:/a:freebsd:freebsd:ru-wordpress, p-cpe:/a:freebsd:freebsd:wordpress, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_cn, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_tw, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/1/2017

Vulnerability Publication Date: 11/29/2017