FreeBSD : wordpress -- multiple issues (7b97b32e-27c4-11ea-9673-4c72b94353b5)

high Nessus Plugin ID 132411

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

WordPress developers report:

Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so you'll want to upgrade. If you haven't yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues.

- Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
- Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
- Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?fa5c2d57

http://www.nessus.org/u?6d36d94f

Plugin Details

Severity: High

ID: 132411

File Name: freebsd_pkg_7b97b32e27c411ea96734c72b94353b5.nasl

Version: 1.1

Type: local

Published: 12/27/2019

Updated: 12/27/2019

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:de-wordpress, p-cpe:/a:freebsd:freebsd:fr-wordpress, p-cpe:/a:freebsd:freebsd:ja-wordpress, p-cpe:/a:freebsd:freebsd:ru-wordpress, p-cpe:/a:freebsd:freebsd:wordpress, p-cpe:/a:freebsd:freebsd:zh_cn-wordpress, p-cpe:/a:freebsd:freebsd:zh_tw-wordpress, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/26/2019

Vulnerability Publication Date: 12/13/2019