WordPress < 4.4.2 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 9074
SynopsisThe remote server is hosting an outdated installation of WordPress that is vulnerable to multiple attack vectors.
DescriptionVersions of WordPress prior to 4.4.2 are susceptible to the following vulnerabilities :
- A flaw exists that allows a cross-site redirection attack. This flaw exists because the application does not validate certain input. This could allow a context-dependent attacker to create a specially crafted link that, if followed, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs, as well as phishing attacks that mimic the legitimate site but send user-supplied information to the attacker. (CVE-2016-2221)
- A flaw exists in 'src/wp-includes/http.php' related to request handling between a user and a server, where the server can be induced into performing unintended actions (Server Side Request Forgery, or SSRF). By making a crafted request that leverages certain local URIs, the server can be used to conduct host-based attacks. This may allow an attacker to bypass access restrictions (e.g. host or network ACLs), conduct port scanning of internal networks, enumerate internal hosts, or possibly invoke additional protocols (e.g. Gopher, TFTP) which may provide additional control over such requests. (CVE-2016-2222)
SolutionUpgrade to WordPress 4.4.2, or later.