FreeBSD : wordpress -- multiple vulnerabilities (043d3a78-f245-4938-9bc7-3d0d35dd94bf)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The WordPress development team reports :

- Block unsafe PHP unserialization that could occur in limited
situations and setups, which can lead to remote code execution.

- Prevent a user with an Author role, using a specially crafted
request, from being able to create a post 'written by' another user.

- Fix insufficient input validation that could result in redirecting
or leading a user to another website.

Additionally, we've adjusted security restrictions around file uploads
to mitigate the potential for cross-site scripting.

See also :

http://wordpress.org/news/2013/09/wordpress-3-6-1/
http://www.nessus.org/u?aab3c107

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 70515

Bugtraq ID:

CVE ID: CVE-2013-4338
CVE-2013-4339
CVE-2013-4340
CVE-2013-5738
CVE-2013-5739
