FreeBSD : wordpress -- multiple vulnerabilities (82752070-0349-11e7-b48d-00e04c1ea73d)
High Nessus Plugin ID 97625
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionWordPress versions 4.7.2 and earlier are affected by six security issues.
- Cross-site scripting (XSS) via media file metadata.
- Control characters can trick redirect URL validation.
- Unintended files can be deleted by administrators using the plugin deletion functionality.
- Cross-site scripting (XSS) via video URL in YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
SolutionUpdate the affected packages.