FreeBSD : wordpress -- multiple vulnerabilities (b384cc5b-8d56-11e1-8d7b-003067b2972c)

critical Nessus Plugin ID 58839

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

WordPress reports:

External code has been updated to non-vulnerable versions. In addition, the following bugs have been fixed:

- Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.

- Cross-site scripting vulnerability when making URLs clickable.

- Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.

Solution

Update the affected package.

See Also

https://codex.wordpress.org/Version_3.3.2

http://www.nessus.org/u?3a7d93c3

Plugin Details

Severity: Critical

ID: 58839

File Name: freebsd_pkg_b384cc5b8d5611e18d7b003067b2972c.nasl

Version: 1.5

Type: local

Published: 4/24/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:wordpress, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/23/2012

Vulnerability Publication Date: 4/20/2012

Reference Information

CVE: CVE-2012-2399, CVE-2012-2400, CVE-2012-2401, CVE-2012-2402, CVE-2012-2403, CVE-2012-2404