Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

According to its self-reported version number, the WordPress application running on the remote web server is prior to 3.1.1.
It is, therefore, affected by multiple vulnerabilities, including cross-site scripting (XSS) and cross-site request forgery (XSRF), and a denial of service (DoS) vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Versions of WordPress prior to 3.1.1 are susceptible to the following vulnerabilities :

 - A flaw exists that allows a remote cross-site scripting (XSS) attack.  This flaw exists because the application does not validate certain unspecified input before returning it to the user.  This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. (CVE-2011-4956)
 - A flaw exists that may allow a remote denial of service.  The issue is triggered when the 'make_clickable()' function in the 'wp-includes/formatting.php' script fails to properly verify URL length in comments before passing it to the PCRE library, resulting in a loss of availability. (CVE-2011-4957)

Versions of WordPress 3.1.x prior to 3.1.2, or 3.0.x prior to 3.0.6 are susceptible to the following vulnerabilities :

 - A flaw exists related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts.  This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. (CVE-2011-1762, CVE-2011-5270)
 - A flaw exists that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user.  This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. (CVE-2011-4956)

Several vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches.

This means extra care should be taken when upgrading, especially when using third-party plugins or themes, since compatibility may have been impacted along the way. We recommend that users check their install before doing the upgrade.

ID	Name	Product	Family	Severity
106307	WordPress < 3.1.1 Multiple Vulnerabilities	Nessus	CGI abuses	high
9113	WordPress < 3.1.1 Multiple Vulnerabilities	Nessus Network Monitor	CGI	medium
9109	WordPress 3.1.x < 3.1.2 / 3.0.x < 3.0.6 Multiple Vulnerabilities	Nessus Network Monitor	CGI	low
59093	Debian DSA-2470-1 : wordpress - several vulnerabilities	Nessus	Debian Local Security Checks	critical

Detections

Analytics

CVE-2011-4956

medium

Tenable Plugins

high

medium

low

critical