FreeBSD : wordpress -- 2 XSS vulnerabilities (d86890da-f498-11e4-99aa-bcaec565249c)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Samuel Sidler reports :

The Genericons icon font package, which is used in a number of popular
themes and plugins, contained an HTML file vulnerable to a cross-site
scripting attack. All affected themes and plugins hosted on (including the Twenty Fifteen default theme) have been
updated today by the WordPress security team to address this issue by
removing this nonessential file. To help protect other Genericons
usage, WordPress 4.2.2 proactively scans the wp-content directory for
this HTML file and removes it. Reported by Robert Abela of Netsparker.

WordPress versions 4.2 and earlier are affected by a critical
cross-site scripting vulnerability, which could enable anonymous users
to compromise a site. WordPress 4.2.2 includes a comprehensive fix for
this issue.

The release also includes hardening for a potential cross-site
scripting vulnerability when using the visual editor. This issue was
reported by Mahadev Subedi.

See also :

Solution :

Update the affected packages.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 83283

Bugtraq ID:

