In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :

 - A cross-site scripting (XSS) vulnerability exists in the wp_playlist_shortcode() function within the /wp-includes/media.php script due to a failure to validate input passed via audio file metadata before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-6814)

 - A cross-site redirection vulnerability exists due to a failure to validate input passed via control characters before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted link, to redirect a user from an intended legitimate website to an arbitrary website of the attacker's choosing. (CVE-2017-6815)

 - An unspecified flaw exists in the plugin deletion functionality that allows an authenticated, remote attacker to delete unintended files. (CVE-2017-6816)

 - A cross-site scripting (XSS) vulnerability exists due to a failure to validate input to video URLs in YouTube embeds before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-6817)

 - A cross-site scripting (XSS) vulnerability exists due to a failure to validate input to taxonomy term names before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-6818)

 - A cross-site request forgery (XSRF) vulnerability exists in the Press This functionality, specifically within /wp-admin/press-this.php when handling HTTP requests, due to a failure to require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to cause excessive consumption of server resources. (CVE-2017-6819)

 - A DOM-based cross-site scripting (XSS) vulnerability exists in the renderTracks() function within the /wp-includes/js/mediaelement/wp-playlist.min.js script due to a failure to validate input passed via audio file metadata before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to delete unintended files, mount Cross-Site Scripting attacks, or bypass redirect URL validation mechanisms.

Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues.

CVE-2017-6814

Cross-Site Scripting (XSS) vulnerability via media file metadata

CVE-2017-6815

Control characters can trick redirect URL validation in wp-includes/pluggable.php

CVE-2017-6816

Unintended files can be deleted by administrators using the plugin deletion functionality

For Debian 7 'Wheezy', these problems have been fixed in version 3.6.1+dfsg-1~deb7u14.

We recommend that you upgrade your wordpress packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.7.3.
It is, therefore, affected by multiple vulnerabilities :

  - A cross-site scripting (XSS) vulnerability exists in the     wp_playlist_shortcode() function within the     /wp-includes/media.php script due to a failure to     validate input passed via audio file metadata before     returning it to users. An unauthenticated, remote     attacker can exploit this, via a specially crafted     request, to execute arbitrary script code in a user's     browser session.

  - A cross-site redirection vulnerability exists due to     a failure to validate input passed via control     characters before returning it to users. An     unauthenticated, remote attacker can exploit this, via     a specially crafted link, to redirect a user from an     intended legitimate website to an arbitrary website of     the attacker's choosing.

  - An unspecified flaw exists in the plugin deletion     functionality that allows an authenticated, remote     attacker to delete unintended files.

  - A cross-site scripting (XSS) vulnerability exists due to     a failure to validate input to video URLs in YouTube     embeds before returning it to users. An unauthenticated,     remote attacker can exploit this, via a specially     crafted request, to execute arbitrary script code in a     user's browser session.

  - A cross-site scripting (XSS) vulnerability exists due to     a failure to validate input to taxonomy term names     before returning it to users. An unauthenticated, remote     attacker can exploit this, via a specially crafted     request, to execute arbitrary script code in a user's     browser session.

  - A cross-site request forgery (XSRF) vulnerability exists     in the Press This functionality, specifically within     /wp-admin/press-this.php when handling HTTP requests,     due to a failure to require multiple steps, explicit     confirmation, or a unique token when performing certain     sensitive actions. An unauthenticated, remote attacker     can exploit this, by convincing a user to follow a     specially crafted link, to cause excessive consumption     of server resources.

  - A DOM-based cross-site scripting (XSS) vulnerability     exists in the renderTracks() function within the     /wp-includes/js/mediaelement/wp-playlist.min.js script     due to a failure to validate input passed via audio file     metadata before returning it to users. An     unauthenticated, remote attacker can exploit this, via a     specially crafted request, to execute arbitrary script     code in a user's browser session.
  - A directory traversal vulnerability exists in WordPress' wp-json component due to an error in post listing. An     unauthenticated, remote attacker can exploit this, by sending a URI that contains directory traversal characters,     to disclose the contents of files located outside of the server's restricted path.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
98282	WordPress 3.7.x < 3.7.19 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98281	WordPress 3.8.x < 3.8.19 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98280	WordPress 3.9.x < 3.9.17 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98279	WordPress 4.0.x < 4.0.16 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98278	WordPress 4.1.x < 4.1.16 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98277	WordPress 4.2.x < 4.2.13 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98276	WordPress 4.3.x < 4.3.9 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98275	WordPress 4.4.x < 4.4.8 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98274	WordPress 4.5.x < 4.5.7 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98273	WordPress 4.6.x < 4.6.4 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
98272	WordPress 4.7.x < 4.7.3 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
97922	Debian DSA-3815-1 : wordpress - security update	Nessus	Debian Local Security Checks	medium
97797	Debian DLA-860-1 : wordpress security update	Nessus	Debian Local Security Checks	medium
97635	WordPress < 4.7.3 Multiple Vulnerabilities	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2017-6816

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium