WordPress < 3.0.2 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 9110

Synopsis

The remote server is hosting an outdated installation of WordPress that is vulnerable to multiple attack vectors.

Description

Versions of WordPress prior to 3.0.2 are susceptible to the following vulnerabilities :

- A flaw exists that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'wp-includes/comment.php script' not properly sanitizing user-supplied input to the 'Send Trackbacks' field. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (CVE-2010-4257)
- A flaw exists in the 'wp-includes/comment.php' script. The issue is due to the program failing to properly whitelist trackbacks and pingbacks in the blogroll. With a specially crafted URL, a remote attacker can bypass intended spam restrictions. (CVE-2010-5293)
- A flaw exists that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the 'request_filesystem_credentials' function in the 'wp-admin/includes/file.php' script does not validate input passed via an error message for a FTP or SSH connection attempt. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2010-5294)
- A flaw exists in 'wp-admin/plugins.php' that does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the WordPress software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. (CVE-2010-5295)
- A flaw exists in the 'wp-includes/capabilities.php' script when a multisite configuration is used. The issue is triggered as the program doesn't require Super Admin privileges for the 'delete_users' capability. This may allow a remote authenticated attacker to delete an action and bypass access restrictions. (CVE-2010-5296)

Solution

Upgrade to WordPress 3.0.2, or later.

See Also

http://codex.wordpress.org/Version_3.0.2

http://wordpress.org/news/2010/11/wordpress-3-0-2

https://core.trac.wordpress.org/changeset/15562

https://core.trac.wordpress.org/changeset/16373

https://core.trac.wordpress.org/changeset/16637

https://core.trac.wordpress.org/ticket/13887

https://core.trac.wordpress.org/changeset/16367

http://core.trac.wordpress.org/changeset/16625

Plugin Details

Severity: Medium

ID: 9110

Family: CGI

Published: 2016/02/26

Modified: 2016/02/26

Dependencies: 9035, 9036

Nessus ID: 51860

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6

Temporal Score: 5.2

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Patch Publication Date: 2010/11/30

Vulnerability Publication Date: 2010/08/13

Reference Information

CVE: CVE-2010-4257, CVE-2010-5293, CVE-2010-5294, CVE-2010-5295, CVE-2010-5296

BID: 45131, 65233, 65235, 65240, 73661