FreeBSD : wordpress -- multiple vulnerabilities (043d3a78-f245-4938-9bc7-3d0d35dd94bf)

High Nessus Plugin ID 70515


The remote FreeBSD host is missing one or more security-related updates.


The WordPress development team reports:

- Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.

- Prevent a user with an Author role, using a specially crafted request, from being able to create a post 'written by' another user.

- Fix insufficient input validation that could result in redirecting or leading a user to another website.

Additionally, we've adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.


Update the affected packages.

Plugin Details

Severity: High

ID: 70515

File Name: freebsd_pkg_043d3a78f24549389bc73d0d35dd94bf.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2013/10/20

Modified: 2014/04/20

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:de-wordpress, p-cpe:/a:freebsd:freebsd:ja-wordpress, p-cpe:/a:freebsd:freebsd:ru-wordpress, p-cpe:/a:freebsd:freebsd:wordpress, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_CN, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_TW, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2013/10/19

Vulnerability Publication Date: 2013/09/11

Reference Information

CVE: CVE-2013-4338, CVE-2013-4339, CVE-2013-4340, CVE-2013-5738, CVE-2013-5739