FreeBSD : wordpress -- multiple issues (7b97b32e-27c4-11ea-9673-4c72b94353b5)

High Nessus Plugin ID 132411

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The WordPress developers report:

Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so you'll want to upgrade. If you haven't yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues.

- Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
- Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
- Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?fa5c2d57

http://www.nessus.org/u?6d36d94f

Plugin Details

Severity: High

ID: 132411

File Name: freebsd_pkg_7b97b32e27c411ea96734c72b94353b5.nasl

Version: 1.1

Type: local

Published: 2019/12/27

Updated: 2019/12/27

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:de-wordpress, p-cpe:/a:freebsd:freebsd:fr-wordpress, p-cpe:/a:freebsd:freebsd:ja-wordpress, p-cpe:/a:freebsd:freebsd:ru-wordpress, p-cpe:/a:freebsd:freebsd:wordpress, p-cpe:/a:freebsd:freebsd:zh_CN-wordpress, p-cpe:/a:freebsd:freebsd:zh_TW-wordpress, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2019/12/26

Vulnerability Publication Date: 2019/12/13