Detections
Analytics
Debian DSA-3328-1 : wordpress - security update
medium Nessus Plugin ID 85352
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities have been found in Wordpress, the popular blogging engine.- CVE-2015-3429 The file example.html in the Genericicons icon font package and twentyfifteen Wordpress theme allowed for cross site scripting.
- CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your installation.
- CVE-2015-5623 A cross site scripting vulnerability allowed users with the Contributor or Author role to elevate their privileges.
The oldstable distribution (wheezy) is only affected by CVE-2015-5622.
This less critical issue will be fixed at a later time.
Solution
Upgrade the wordpress packages.For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u2.
See Also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784603
https://security-tracker.debian.org/tracker/CVE-2015-3429
https://security-tracker.debian.org/tracker/CVE-2015-5622
https://security-tracker.debian.org/tracker/CVE-2015-5623
Plugin Details
Severity: Medium
ID: 85352
File Name: debian_DSA-3328.nasl
Version: 2.5
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 8/13/2015
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.8
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:wordpress, cpe:/o:debian:debian_linux:8.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 8/4/2015
Reference Information
CVE: CVE-2015-3429, CVE-2015-5622, CVE-2015-5623
DSA: 3328