This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
Updated wordpress package fixes security vulnerabilities :

XSS in wptexturize() via comments or posts, exploitable for
unauthenticated users (CVE-2014-9031).

XSS in media playlists (CVE-2014-9032).

CSRF in the password reset process (CVE-2014-9033).

Denial of service for giant passwords. The phpass library by Solar
Designer was used in both projects without setting a maximum password
length, which can lead to CPU exhaustion upon hashing (CVE-2014-9034).

XSS in Press This (CVE-2014-9035).

XSS in HTML filtering of CSS in posts (CVE-2014-9036).

Hash comparison vulnerability in old-style MD5-stored passwords

SSRF: Safe HTTP requests did not sufficiently block the loopback IP
address space (CVE-2014-9038).

Previously an email address change would not invalidate a previous
password reset email (CVE-2014-9039).
Update the affected wordpress package.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true
Family: Mandriva Local Security Checks
Nessus Plugin ID: 79613