This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Aaron D. Campbell reports :
WordPress versions 4.7.1 and earlier are affected by three security
- The user interface for assigning taxonomy terms in Press This is
  shown to users who do not have permissions to use it.
- WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe
  data. WordPress core is not directly vulnerable to this issue, but
  we've added hardening to prevent plugins and themes from
  accidentally causing a vulnerability.
- A cross-site scripting (XSS) vulnerability was discovered in the
  posts list table.
- An unauthenticated privilege escalation vulnerability was discovered
  in a REST API endpoint.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5