WordPress < 4.5.2 Multiple Vulnerabilities (ImageTragick)

Medium - Nessus Network Monitor Plugin ID 9387

Synopsis

The remote server is hosting an outdated installation of WordPress that is affected by multiple vulnerabilities.

Description

Versions of WordPress prior to 4.5.2 are affected by multiple vulnerabilities:

- A flaw exists that is triggered when using the 'ephemeral' pseudo protocol, which may allow a context-dependent attacker to delete arbitrary files.
- A flaw exists in the 'ms' pseudo protocol that is triggered when moving image files. This may allow a context-dependent attacker to move arbitrary files to arbitrary locations.
- A flaw exists in the 'label' pseudo protocol that is triggered during the handling of a specially crafted image. This may allow a context-dependent attacker to read arbitrary files.
- A flaw known as 'ImageTragick' is triggered because shell characters in filenames passed to delegate commands are not properly filtered. This may allow a context-dependent attacker to inject arbitrary shell commands and subsequently execute arbitrary code.
- 'MediaElement.js' contains a flaw that allows a reflected cross-site scripting (XSS) attack. The program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
- Plupload contains an unspecified same-origin method execution flaw. No further details have been provided.

Solution

Upgrade to WordPress 4.5.2 or later.

See Also

https://imagetragick.com

https://wordpress.org/news/2016/05/wordpress-4-5-2

Plugin Details

Severity: Medium

ID: 9387

Family: CGI

Published: 7/7/2016

Updated: 3/6/2019

Nessus ID: 91101

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 4.2

Temporal Score: 4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Patch Publication Date: 5/3/2016

Vulnerability Publication Date: 5/3/2016

Reference Information

CVE: CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-4566, CVE-2016-4567