WordPress 3.9.x < 3.9.21 Multiple Vulnerabilities
High Web Application Scanning Plugin ID 98315
SynopsisWordPress 3.9.x < 3.9.21 Multiple Vulnerabilities
DescriptionAccording to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :
- Weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values.
- When domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpdate to WordPress version 3.9.21 or latest.