Detections
Analytics
Fedora 38 : wordpress (2023-e18d3d4004)
high Nessus Plugin ID 176531
Language:
Synopsis
The remote Fedora host is missing one or more security updates.Description
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e18d3d4004 advisory.- **WordPress 6.2.2 Security Release** Security updates included in this release: * Block themes parsing shortcodes in user-generated data; thanks to Liam Gladdy of WP Engine for reporting this issue. ----
**WordPress 6.2.1 Maintenance & Security Release** Security updates included in this release * Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue * A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team * A flaw allowing XSS via open embed auto discovery; reported independently by Jakub oczek of Securitum and during a third party security audit * Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit. * A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit. (FEDORA-2023-e18d3d4004)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected wordpress package.See Also
https://bodhi.fedoraproject.org/updates/FEDORA-2023-e18d3d4004
Plugin Details
Severity: High
ID: 176531
File Name: fedora_2023-e18d3d4004.nasl
Version: 1.0
Type: local
Agent: unix
Family: Fedora Local Security Checks
Published: 5/31/2023
Updated: 5/31/2023
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Vulnerability Information
CPE: cpe:/o:fedoraproject:fedora:38, p-cpe:/a:fedoraproject:fedora:wordpress
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 5/23/2023
Vulnerability Publication Date: 5/23/2023
Reference Information
FEDORA: 2023-e18d3d4004