FreeBSD : wordpress -- multiple vulnerabilities (14ea4458-e5cd-11e6-b56d-38d547003487)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Aaron D. Campbell reports :

WordPress versions 4.7.1 and earlier are affected by three security
issues :

- The user interface for assigning taxonomy terms in Press This is
shown to users who do not have permissions to use it.

- WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe
data. WordPress core is not directly vulnerable to this issue, but
we've added hardening to prevent plugins and themes from
accidentally causing a vulnerability.

- A cross-site scripting (XSS) vulnerability was discovered in the
posts list table.

- An unauthenticated privilege escalation vulnerability was discovered
in a REST API endpoint.

See also :

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96850

Bugtraq ID:

CVE ID: CVE-2017-5610
