FreeBSD : wordpress -- multiple vulnerabilities (049332d2-f6e1-11e2-82f3-000c29ee3065)

medium Nessus Plugin ID 69087

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The WordPress development team reports:

- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site

- Disallow contributors from improperly publishing posts

- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities

- Prevention of a denial of service attack, affecting sites using password-protected posts

- An update to an external TinyMCE library to fix a cross-site scripting vulnerability

- Multiple fixes for cross-site scripting

- Avoid disclosing a full file path when an upload fails

Solution

Update the affected packages.

See Also

https://wordpress.org/news/2013/06/wordpress-3-5-2/

http://www.nessus.org/u?156beb35

Plugin Details

Severity: Medium

ID: 69087

File Name: freebsd_pkg_049332d2f6e111e282f3000c29ee3065.nasl

Version: 1.7

Type: local

Published: 7/28/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:de-wordpress, p-cpe:/a:freebsd:freebsd:ja-wordpress, p-cpe:/a:freebsd:freebsd:ru-wordpress, p-cpe:/a:freebsd:freebsd:wordpress, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_cn, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_tw, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/27/2013

Vulnerability Publication Date: 6/21/2013

Reference Information

CVE: CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205