FreeBSD : wordpress -- multiple vulnerabilities (54e50cd9-c1a8-11e6-ae1b-002590263bf5)

High Nessus Plugin ID 95786


The remote FreeBSD host is missing one or more security-related updates.


Jeremy Felt reports :

WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 95786

File Name: freebsd_pkg_54e50cd9c1a811e6ae1b002590263bf5.nasl

Version: $Revision: 3.1 $

Type: local

Published: 2016/12/14

Modified: 2016/12/14

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:de-wordpress, p-cpe:/a:freebsd:freebsd:ja-wordpress, p-cpe:/a:freebsd:freebsd:ru-wordpress, p-cpe:/a:freebsd:freebsd:wordpress, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_CN, p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_TW, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2016/12/14

Vulnerability Publication Date: 2016/09/07