FreeBSD : wordpress -- multiple vulnerabilities (14ea4458-e5cd-11e6-b56d-38d547003487)
High Nessus Plugin ID 96850
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Aaron D. Campbell reports:
WordPress versions 4.7.1 and earlier are affected by three security issues:
- The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.
- WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we've added hardening to prevent plugins and themes from accidentally causing a vulnerability.
- A cross-site scripting (XSS) vulnerability was discovered in the posts list table.
- An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.
Solution
Update the affected packages.