This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
WordPress versions 4.7.2 and earlier are affected by six security
- Cross-site scripting (XSS) via media file metadata.
- Control characters can trick redirect URL validation.
- Unintended files can be deleted by administrators using the plugin
- Cross-site scripting (XSS) via video URL in YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Cross-site request forgery (CSRF) in Press This leading to excessive
use of server resources.
See also :
Update the affected packages.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now