This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
The remote Fedora host is missing a security update.
WordPress 3.5.1 is now available. Version 3.5.1 is the first
maintenance release of 3.5, fixing 37 bugs. It is also a security
release for all previous WordPress versions. Which include :
- Editor: Prevent certain HTML elements from being
unexpectedly removed or modified in rare cases.
- Media: Fix a collection of minor workflow and
compatibility issues in the new media manager.
- Networks: Suggest proper rewrite rules when creating a
- Prevent scheduled posts from being stripped of certain
HTML, such as video embeds, when they are published.
- Work around some misconfigurations that may have
- Suppress some warnings that could occur when a plugin
misused the database or user APIs.
WordPress 3.5.1 also addresses the following security issues :
- A server-side request forgery vulnerability and remote
port scanning using pingbacks. This vulnerability, which
could potentially be used to expose information and
compromise a site, affects all previous WordPress
versions. This was fixed by the WordPress security team.
We'd like to thank security researchers Gennady
Kovshenin and Ryan Dewhurst for reviewing our work.
- Two instances of cross-site scripting via shortcodes
and post content. These issues were discovered by Jon
Cave of the WordPress security team.
- A cross-site scripting vulnerability in the external
library Plupload. Thanks to the Moxiecode team for
working with us on this, and for releasing Plupload
1.5.5 to address this issue.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
See also :
Update the affected wordpress package.
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.6
Public Exploit Available : true