Synopsis
The remote server is hosting an outdated installation of WordPress that is vulnerable to multiple attack vectors.
Description
Versions of WordPress prior to 3.0.2 are susceptible to the following vulnerabilities:
- A flaw exists that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'wp-includes/comment.php' script not properly sanitizing user-supplied input to the 'Send Trackbacks' field. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (CVE-2010-4257)
- A flaw exists in the 'wp-includes/comment.php' script. The issue is due to the program failing to properly whitelist trackbacks and pingbacks in the blogroll. With a specially crafted URL, a remote attacker can bypass intended spam restrictions. (CVE-2010-5293)
- A flaw exists that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the 'request_filesystem_credentials' function in the 'wp-admin/includes/file.php' script does not validate input passed via an error message for an FTP or SSH connection attempt. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2010-5294)
- A flaw exists in 'wp-admin/plugins.php' that does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the WordPress software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. (CVE-2010-5295)
- A flaw exists in the 'wp-includes/capabilities.php' script when a multisite configuration is used. The issue is triggered as the program doesn't require Super Admin privileges for the 'delete_users' capability. This may allow a remote authenticated attacker to delete an action and bypass access restrictions. (CVE-2010-5296)
Solution
Upgrade to WordPress 3.0.2 or later.
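To confirm whether an installation falls in the affected range, the version can be read from the site's files and compared numerically against 3.0.2. The following is an added example, not part of the plugin or of WordPress; it assumes the version is declared as `$wp_version` in 'wp-includes/version.php', and the function names and sample file contents are constructed for illustration.

```python
import re

FIXED = (3, 0, 2)  # first fixed release named in the Solution above

# Matches the assignment in wp-includes/version.php, e.g. $wp_version = '3.0.1';
_ASSIGN_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")


def extract_wp_version(version_php):
    """Return the version string from version.php contents, or None."""
    m = _ASSIGN_RE.search(version_php)
    return m.group(1) if m else None


def parse_version(version):
    """Split '3.0.2-RC1' into ((3, 0, 2), True); the flag marks a pre-release."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not m:
        raise ValueError("unparseable version: %r" % version)
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad '3.0' to (3, 0, 0)
    return nums, bool(m.group(2))


def is_affected(version):
    """True if the version is prior to 3.0.2."""
    nums, prerelease = parse_version(version)
    if nums < FIXED:  # tuple comparison, so 3.0.10 sorts after 3.0.2
        return True
    # Assumption: a pre-release build of 3.0.2 itself precedes the fixed release.
    return nums == FIXED and prerelease


def check_install(version_php):
    """Return (version, status); status is 'affected', 'not affected' or 'unknown'."""
    version = extract_wp_version(version_php)
    if version is None:
        return None, "unknown"
    try:
        return version, "affected" if is_affected(version) else "not affected"
    except ValueError:
        return version, "unknown"


# Constructed sample file contents, not taken from a real site.
SAMPLE_OLD = "<?php\n/**\n * @global string $wp_version\n */\n$wp_version = '3.0.1';\n"
SAMPLE_NEW = "<?php\n$wp_version = '3.0.2';\n"

if __name__ == "__main__":
    for sample in (SAMPLE_OLD, SAMPLE_NEW):
        print(check_install(sample))
```

An "unknown" result means the version could not be read and the installation should be checked by hand rather than assumed safe.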
Plugin Details
Nessus ID: 51860
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:wordpress:wordpress
Patch Publication Date: 11/30/2010
Vulnerability Publication Date: 8/13/2010