
WordPress < 4.5.3 Multiple Vulnerabilities

Medium

Synopsis

The remote server is hosting an outdated installation of WordPress that is affected by multiple vulnerabilities.

Description

Versions of WordPress prior to 4.5.3 are affected by multiple vulnerabilities:

- A flaw exists in Customizer, which may allow an attacker to perform a "redirect bypass". (OSVDB 140310)
- Multiple cross-site scripting (XSS) attacks exist because the program does not validate input when handling attachment names before returning it to users. This allows a remote attacker to craft a request that can execute arbitrary script in a user's browser session within the trust relationship between their browser and the server. (OSVDB 140311)
- A flaw in the program may allow an attacker to gain access to potentially sensitive information in the revision history. No further details have been provided by the vendor. (OSVDB 140312)
- A flaw exists in oEmbed, which may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (OSVDB 140313)
- The program contains a flaw which may allow an unauthorized attacker to remove categories from posts. No further details have been provided by the vendor. (OSVDB 140314)
- A flaw is triggered when handling stolen cookies. This may allow a remote attacker to make changes to passwords. No further details have been provided by the vendor. (OSVDB 140315)
- Multiple flaws exist related to 'sanitize_file_name()', which may allow an attacker to have an unspecified impact. No further details have been provided by the vendor. (OSVDB 140316)

Solution

Upgrade to WordPress 4.5.3 or later.
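The version check behind this finding, as an added example that is not the scanner's own plugin code: it reads the WordPress generator meta tag (which WordPress emits by default but site owners can remove, so absence is "unknown", not "patched") and compares the version numerically against 4.5.3, so that "4.10" is correctly newer than "4.5" and a two-part version such as "4.5" is treated as 4.5.0. The sample HTML bodies are constructed, not captured from a real site.

```python
import re

# Constructed sample page bodies, standing in for the HTML of a fetched front page.
SAMPLE_PAGES = {
    "old": '<html><head><meta name="generator" content="WordPress 4.5.2" /></head></html>',
    "fixed": '<html><head><meta name="generator" content="WordPress 4.5.3" /></head></html>',
    "two_part": '<html><head><meta name="generator" content="WordPress 4.6" /></head></html>',
    "no_tag": "<html><head><title>blog</title></head></html>",
}

FIXED_VERSION = "4.5.3"  # first release carrying the fixes described above

# Matches the default WordPress generator tag; admins can strip it, so no match != safe.
_GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="WordPress\s+([0-9][0-9.]*)"', re.IGNORECASE
)


def extract_wp_version(html):
    """Return the advertised WordPress version string, or None if no generator tag."""
    match = _GENERATOR_RE.search(html)
    return match.group(1) if match else None


def version_tuple(version, width=3):
    """Numeric components padded to `width`, so '4.5' == (4, 5, 0) and '4.10' > '4.5'."""
    parts = [int(p) for p in version.strip(".").split(".") if p != ""]
    parts += [0] * (width - len(parts))
    return tuple(parts[:width])


def is_vulnerable_version(version):
    """True when the version is older than 4.5.3 (numeric, not string, comparison)."""
    return version_tuple(version) < version_tuple(FIXED_VERSION)


def assess(html):
    """Classify a page body as vulnerable / patched / unknown plus the version found."""
    version = extract_wp_version(html)
    if version is None:
        return ("unknown", None)
    return ("vulnerable" if is_vulnerable_version(version) else "patched", version)


if __name__ == "__main__":
    for name, body in SAMPLE_PAGES.items():
        print(name, assess(body))
```

Because the generator tag is self-reported and easily removed, treat "unknown" as a prompt to confirm the version another way (for example from the server's own wp-includes/version.php) rather than as a clean result.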