FreeBSD : wordpress -- multiple vulnerabilities (049332d2-f6e1-11e2-82f3-000c29ee3065)

Medium Nessus Plugin ID 69087


The remote FreeBSD host is missing one or more security-related updates.


The WordPress development team reports:

- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site

- Disallow contributors from improperly publishing posts

- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities

- Prevention of a denial of service attack, affecting sites using password-protected posts

- An update to an external TinyMCE library to fix a cross-site scripting vulnerability

- Multiple fixes for cross-site scripting

- Avoid disclosing a full file path when an upload fails


Update the affected packages.

Plugin Details

Severity: Medium

ID: 69087

File Name: freebsd_pkg_049332d2f6e111e282f3000c29ee3065.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2013/07/28

Modified: 2013/09/22

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:de-wordpress, p-cpe:/a:freebsd:freebsd:ja-wordpress, p-cpe:/a:freebsd:freebsd:ru-wordpress, p-cpe:/a:freebsd:freebsd:wordpress, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_CN, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_TW, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2013/07/27

Vulnerability Publication Date: 2013/06/21

Reference Information

CVE: CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205