WordPress < 3.0.2 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 9110


The remote server is hosting an outdated installation of WordPress that is vulnerable to multiple attack vectors.


Versions of WordPress prior to 3.0.2 are susceptible to the following vulnerabilities:

- A flaw exists that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'wp-includes/comment.php' script not properly sanitizing user-supplied input to the 'Send Trackbacks' field. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (CVE-2010-4257)
- A flaw exists in the 'wp-includes/comment.php' script. The issue is due to the program failing to properly whitelist trackbacks and pingbacks in the blogroll. With a specially crafted URL, a remote attacker can bypass intended spam restrictions. (CVE-2010-5293)
- A flaw exists that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the 'request_filesystem_credentials' function in the 'wp-admin/includes/file.php' script does not validate input passed via an error message for an FTP or SSH connection attempt. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2010-5294)
- A flaw exists in 'wp-admin/plugins.php' that does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the WordPress software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. (CVE-2010-5295)
- A flaw exists in the 'wp-includes/capabilities.php' script when a multisite configuration is used. The issue is triggered as the program doesn't require Super Admin privileges for the 'delete_users' capability. This may allow a remote authenticated attacker to delete an action and bypass access restrictions. (CVE-2010-5296)


Upgrade to WordPress 3.0.2 or later.

Plugin Details

Severity: Medium

ID: 9110

Family: CGI

Published: 2016/02/26

Modified: 2016/02/26

Dependencies: 9035, 9036

Nessus ID: 51860

Risk Information

Risk Factor: Medium


CVSS v2 Base Score: 6

CVSS v2 Temporal Score: 5.2

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


CVSS v3 Base Score: 5.6

CVSS v3 Temporal Score: 5.4


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Patch Publication Date: 2010/11/30

Vulnerability Publication Date: 2010/08/13

Reference Information

CVE: CVE-2010-4257, CVE-2010-5293, CVE-2010-5294, CVE-2010-5295, CVE-2010-5296

BID: 45131, 65233, 65235, 65240, 73661