FreeBSD : wordpress -- multiple vulnerabilities (043d3a78-f245-4938-9bc7-3d0d35dd94bf)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

The WordPress development team reports :

- Block unsafe PHP unserialization that could occur in limited
situations and setups, which can lead to remote code execution.

- Prevent a user with an Author role, using a specially crafted
request, from being able to create a post 'written by' another user.

- Fix insufficient input validation that could result in redirecting
or leading a user to another website.

Additionally, we've adjusted security restrictions around file uploads
to mitigate the potential for cross-site scripting.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 70515

CVE ID: CVE-2013-4338
