Synopsis
The PHP application running on the remote web server is affected by multiple vulnerabilities.
Description
According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.5.2.
It is, therefore, affected by the following vulnerabilities :
- A remote code execution vulnerability, known as ImageTragick, exists in the ImageMagick library due to a failure to properly filter shell characters in filenames passed to delegate commands. A remote attacker can exploit this, via specially crafted images, to inject shell commands and execute arbitrary code.
(CVE-2016-3714)
- An unspecified flaw exists in the ImageMagick library in the 'ephemeral' pseudo protocol that allows an attacker to delete arbitrary files. (CVE-2016-3715)
- An unspecified flaw exists in the ImageMagick library in the 'ms' pseudo protocol that allows an attacker to move arbitrary files to arbitrary locations. (CVE-2016-3716)
- An unspecified flaw exists in the ImageMagick library in the 'label' pseudo protocol that allows an attacker, via a specially crafted image, to read arbitrary files.
(CVE-2016-3717)
- A server-side request forgery (SSRF) vulnerability exists due to an unspecified flaw related to request handling between a user and the server. A remote attacker can exploit this, via an MVG file with a specially crafted fill element, to bypass access restrictions and conduct host-based attacks.
(CVE-2016-3718)
- An unspecified flaw exists in Plupload that allows an attacker to perform a same-origin method execution.
(CVE-2016-4566)
- A reflected cross-site scripting vulnerability exists in MediaElement.js due to improper validation of user-supplied input. A context-dependent attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-4567)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to WordPress version 4.5.2 or later.