WordPress < 4.4.2 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 9074

Synopsis

The remote server is hosting an outdated installation of WordPress that is vulnerable to multiple attack vectors.

Description

Versions of WordPress prior to 4.4.2 are susceptible to the following vulnerabilities :

- A flaw exists that allows a cross-site redirection attack. This flaw exists because the application does not validate certain input. This could allow a context-dependent attacker to create a specially crafted link that, if followed, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs, as well as phishing attacks that mimic the legitimate site but send user-supplied information to the attacker. (CVE-2016-2221)
- A flaw exists in 'src/wp-includes/http.php' related to request handling between a user and a server, where the server can be induced into performing unintended actions (Server Side Request Forgery, or SSRF). By making a crafted request that leverages certain local URIs, the server can be used to conduct host-based attacks. This may allow an attacker to bypass access restrictions (e.g. host or network ACLs), conduct port scanning of internal networks, enumerate internal hosts, or possibly invoke additional protocols (e.g. Gopher, TFTP) which may provide additional control over such requests. (CVE-2016-2222)

Solution

Upgrade to WordPress 4.4.2, or later.

See Also

https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release

https://core.trac.wordpress.org/changeset/36435

https://core.trac.wordpress.org/changeset/36444

Plugin Details

Severity: Medium

ID: 9074

Family: CGI

Published: 2016/02/19

Modified: 2016/02/19

Dependencies: 9035, 9036

Nessus ID: 88579

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 5.8

Temporal Score: 5.6

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2016/02/02

Vulnerability Publication Date: 2016/02/02

Reference Information

CVE: CVE-2016-2221, CVE-2016-2222