Synopsis
WordPress 5.5.x < 5.5.2 Multiple Vulnerabilities
Description
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.
- A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.
- A denial of service (DoS) vulnerability exists against the MySQL database.
- Two privilege escalation vulnerabilities exist in XML-RPC.
- An arbitrary file deletion vulnerability exists via a bypass of protected meta.
- A cross-site request forgery (CSRF) vulnerability exists when updating a background image.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update to WordPress version 5.5.2 or later.