WordPress < 4.5.0 Multiple Vulnerabilities
Medium Nessus Plugin ID 91100
SynopsisThe PHP application running on the remote web server is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the WordPress application running on the remote web server is prior to 4.5.0.
It is, therefore, affected by the following vulnerabilities :
- A server-side request forgery vulnerability exists due improper request handling between a user and the server.
An attacker can exploit this, via a specially crafted request to the http.php script using octal or hexadecimal IP addresses, to bypass access restrictions and perform unintended actions. (CVE-2016-4029)
- A cross-site scripting vulnerability exists due to improper validation of user-supplied input to the 'first_comment_author' parameter. A context-dependent attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-6634)
- A cross-site request forgery vulnerability exists due to a failure to require multiple steps, explicit confirmation, or a unique token when making HTTP requests. An attacker can exploit this by convincing a user to follow a specially crafted link. (CVE-2016-6635)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to WordPress version 4.5.0 or later.