The remote web server contains a PHP application that is affected by multiple vulnerabilities.
According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by a server-side request forgery vulnerability in the 'pingback.ping' method used in 'xmlrpc.php'. This vulnerability can be used to expose information and remotely port scan a host using pingbacks. (CVE-2013-0235) - The application is affected by two instances of cross-site scripting (XSS) attacks via shortcodes and post content. (CVE-2013-0236) - The application is affected by a cross-site scripting (XSS) vulnerability in the Plupload external library. (CVE-2013-0237) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.