WordPress < 3.0.2 Multiple Vulnerabilities
Medium Nessus Plugin ID 51860
Synopsis
The remote web server hosts a PHP application that is affected by multiple vulnerabilities.
Description
According to its version number, the installation of WordPress hosted on the remote web server is affected by multiple vulnerabilities:
- A SQL injection vulnerability exists in the 'wp-includes/comment.php' script due to improper sanitization of user-supplied input to the 'Send Trackbacks' field. A remote attacker can exploit this to inject or manipulate SQL queries, resulting in the manipulation or disclosure of arbitrary data. (CVE-2010-4257)
- A cross-site scripting vulnerability exists in the request_filesystem_credentials() function in the 'wp-admin/includes/file.php' script where input passed from an error message for an FTP or SSH connection attempt is not validated. This allows a context-dependent attacker to use a specially crafted request to execute arbitrary script code within the user's browser session. (CVE-2010-5294)
- A cross-site scripting vulnerability exists in the 'wp-admin/plugins.php' script due to improper validation of input supplied via a plugin's 'author' field. This allows a remote attacker to inject arbitrary script or HTML code in a user's browser session. (CVE-2010-5295)
- A security bypass vulnerability exists in the 'wp-includes/capabilities.php' script. When a multisite configuration is used, Super Admin privileges are not needed for the 'delete_users' capability. This allows an authenticated attacker to bypass access restrictions.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to WordPress 3.0.2 or later.
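
The version-only check described in the note above can be reproduced when triaging an inventory of WordPress installs. The Python below is an added example, not Nessus plugin code: the function names, the constructed host list, and the choice to treat a 3.0.2 pre-release string as affected are assumptions.

```python
import re

FIXED = (3, 0, 2)  # first fixed release named in the advisory

# Issues listed in the advisory; the last one has no CVE on the page and
# applies only to multisite configurations.
ISSUES = [
    ("CVE-2010-4257", "SQL injection via 'Send Trackbacks' field", False),
    ("CVE-2010-5294", "XSS in request_filesystem_credentials()", False),
    ("CVE-2010-5295", "XSS via plugin 'author' field", False),
    (None, "'delete_users' allowed without Super Admin", True),
]

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) or None if unparseable."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?([-.]?[A-Za-z][\w.-]*)?\s*", text)
    if not m:
        return None
    nums = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return nums, m.group(4) is not None

def triage(reported_version, multisite):
    """Map a self-reported version to the advisory's issues.

    Results are version-based only: nothing is tested, so a locally patched
    or altered version string gives a wrong answer in either direction.
    """
    parsed = parse_version(reported_version)
    if parsed is None:
        return "unknown", []  # needs manual inspection
    nums, prerelease = parsed
    # Assumption: a pre-release of 3.0.2 (e.g. "3.0.2-RC1") predates the fix.
    affected = nums < FIXED or (nums == FIXED and prerelease)
    if not affected:
        return "not affected", []
    hits = [(cve, desc) for cve, desc, ms_only in ISSUES if multisite or not ms_only]
    return "affected (unverified)", hits

if __name__ == "__main__":
    # Constructed inventory: (host label, reported version, multisite?)
    for host, ver, ms in [("blog-a", "3.0.1", True), ("blog-b", "2.9.2", False),
                          ("blog-c", "3.0.2", True), ("blog-d", "custom", False)]:
        status, hits = triage(ver, ms)
        print(host, ver, status, [c or "no CVE" for c, _ in hits])
```

An "unknown" or "affected (unverified)" result is a prompt to confirm the installed release on the host itself, since the version string is the only evidence used.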