WordPress 4.0.x < 4.0.20 Multiple Vulnerabilities
High Web Application Scanning Plugin ID 98314
Synopsis
WordPress 4.0.x < 4.0.20 Multiple Vulnerabilities

Description
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A weak MD5-based password hashing algorithm makes it easier for attackers to determine cleartext values by leveraging access to the hash values.
- When domain-based flashmediaelement.swf sandboxing is not used, remote attackers can conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution
Update to WordPress version 4.0.20 or the latest version.