This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Adam Silverstein reports :
WordPress 4.5.3 is now available. This is a security release for all
previous versions and we strongly encourage you to update your sites
WordPress versions 4.5.2 and earlier are affected by several security
issues: redirect bypass in the customizer, reported by Yassine
Aboukir; two different XSS problems via attachment names, reported by
Jouko Pynnonenand Divyesh Prajapati; revision history information
disclosure, reported independently by John Blackbourn from the
WordPress security team and by Dan Moen from the Wordfence Research
Team; oEmbed denial of service reported by Jennifer Dodd from
Automattic; unauthorized category removal from a post, reported by
David Herrera from Alley Interactive; password change via stolen
cookie, reported by Michael Adams from the WordPress security team;
and some less secure sanitize_file_name edge cases reported by Peter
Westwood of the WordPress security team.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 91840 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now