Detections
Analytics

FreeBSD : wordpress -- multiple vulnerabilities (559e00b7-6a4d-11e2-b6b0-10bf48230856)

medium Nessus Plugin ID 64288

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Wordpress reports :

WordPress 3.5.1 also addresses the following security issues :

- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team.
We'd like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.

- Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.

- A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?485eec04

Plugin Details

Severity: Medium

ID: 64288

File Name: freebsd_pkg_559e00b76a4d11e2b6b010bf48230856.nasl

Version: 1.6

Type: local

Published: 1/30/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.8

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:de-wordpress, p-cpe:/a:freebsd:freebsd:ja-wordpress, p-cpe:/a:freebsd:freebsd:ru-wordpress, p-cpe:/a:freebsd:freebsd:wordpress, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_cn, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_tw, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/29/2013

Vulnerability Publication Date: 1/24/2013

Reference Information

CVE: CVE-2013-0235, CVE-2013-0236, CVE-2013-0237