WordPress < 3.1.4 / 3.2-RC3 Multiple Blind SQL Injection Vulnerabilities

Medium Nessus Network Monitor Plugin ID 9107

Synopsis

The remote server is hosting an outdated installation of WordPress that is vulnerable to multiple blind SQL injection attacks.

Description

Versions of WordPress prior to 3.1.4 / 3.2-RC3 are susceptible to multiple SQL injection vulnerabilities because user-supplied input is not adequately sanitized before it is used in database queries.

Solution

Upgrade to WordPress 3.1.4 / 3.2-RC3, or later.

See Also

https://wordpress.org/news/2011/06/wordpress-3-1-4

Plugin Details

Severity: Medium

ID: 9107

Family: CGI

Published: 2016/02/26

Modified: 2016/11/23

Dependencies: 9035, 9036

Nessus ID: 56620

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Patch Publication Date: 2012/04/20

Vulnerability Publication Date: 2012/04/20

Reference Information

BID: 48521