This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
Multiple vulnerabilities has been discovered and corrected in
WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote
authenticated users to publish posts by leveraging the Contributor
role, related to wp-admin/includes/post.php and
The wp_validate_auth_cookie function in wp-includes/pluggable.php in
WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly
determine the validity of authentication cookies, which makes it
easier for remote attackers to obtain access via a forged cookie
The updated packages have been patched to correct these issues.
Update the affected wordpress package.
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.6
Public Exploit Available : true