WordPress < 3.7.2 / 3.8.2 Multiple Vulnerabilities

medium Nessus Plugin ID 73471

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities :

- A flaw exists within the application that could allow a remote attacker with the contributor role to publish posts. (CVE-2014-0165)

- A authentication bypass flaw exists with the 'wp_validate_auth_cookie' function within the 'wp-includes/pluggable.php' script. This could allow a remote attacker to bypass authentication using a forged authentication cookie. (CVE-2014-0166)

- A SQL injection flaw exists that could allow a remote attacker who is a trusted user to manipulate or inject SQL queries to the backend database, manipulating or disclosing arbitrary data.

- A cross-domain scripting flaw exists through Plupload.
This could allow a remote attacker to execute arbitrary code, with a specially crafted request, within the trust relationship between the server and browser.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to WordPress 3.7.2 / 3.8.2 or later.

See Also

https://codex.wordpress.org/Version_3.7.2

https://codex.wordpress.org/Version_3.8.2

https://core.trac.wordpress.org/changeset/27976

https://core.trac.wordpress.org/changeset/28054

Plugin Details

Severity: Medium

ID: 73471

File Name: wordpress_3_8_2.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 4/11/2014

Updated: 6/6/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: www/PHP, installed_sw/WordPress, Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 4/8/2014

Vulnerability Publication Date: 4/8/2014

Reference Information

CVE: CVE-2014-0165, CVE-2014-0166

BID: 66765