FreeBSD : wordpress -- 2 XSS vulnerabilities (d86890da-f498-11e4-99aa-bcaec565249c)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Samuel Sidler reports :

The Genericons icon font package, which is used in a number of popular
themes and plugins, contained an HTML file vulnerable to a cross-site
scripting attack. All affected themes and plugins hosted on
WordPress.org (including the Twenty Fifteen default theme) have been
updated today by the WordPress security team to address this issue by
removing this nonessential file. To help protect other Genericons
usage, WordPress 4.2.2 proactively scans the wp-content directory for
this HTML file and removes it. Reported by Robert Abela of Netsparker.

WordPress versions 4.2 and earlier are affected by a critical
cross-site scripting vulnerability, which could enable anonymous users
to compromise a site. WordPress 4.2.2 includes a comprehensive fix for
this issue.

The release also includes hardening for a potential cross-site
scripting vulnerability when using the visual editor. This issue was
reported by Mahadev Subedi.

See also :

https://wordpress.org/news/2015/05/wordpress-4-2-2/
http://www.nessus.org/u?8ae82255

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 83283

Bugtraq ID:

CVE ID:
