Synopsis: WordPress 3.7.x < 3.7.35 Multiple Vulnerabilities
Description: According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A deserialization vulnerability exists in the Requests_Utility_FilteredIterator class.
- A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.
- A denial of service vulnerability against the MySQL database.
- Two privilege escalation vulnerabilities in XML-RPC.
- An arbitrary file deletion vulnerability exists via a bypass of protected meta.
- A cross-site request forgery (CSRF) vulnerability exists when updating a background image.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution: Update to WordPress version 3.7.35 or the latest version.