Detections
Analytics
WordPress 4.5.x < 4.6 Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 9949
Synopsis
The remote server is hosting an outdated installation of WordPress that is affected by multiple vulnerabilities.Description
Versions of WordPress 4.5.x prior to 4.6 are affected by multiple vulnerabilities :- A path traversal vulnerability exists in the WordPress Admin API in the 'wp_ajax_update_plugin()' function in 'ajax-actions.php' due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition. (CVE-2016-6896)
- A cross-site request forgery vulnerability (CSRF/XSRF) exists in the 'admin-ajax.php' script due to a failure to require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to perform arbitrary AJAX updates. (CVE-2016-6897)
- An information disclosure vulnerability exists in the 'wp_ajax_update_plugin()' function in the 'ajax-actions.php' script due to performing a call to 'get_plug_data()' before checking capabilities. An authenticated, remote attacker can exploit this to bypass intended read-access restrictions, resulting in a disclosure of sensitive information. (CVE-2016-10148)
Solution
Upgrade to WordPress 4.6 or later.See Also
Plugin Details
Severity: Medium
ID: 9949
Family: CGI
Published: 2/9/2017
Updated: 3/6/2019
Nessus ID: 93111
Risk Information
VPR
Risk Factor: Medium
Score: 5.0
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.6
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:wordpress:wordpress
Patch Publication Date: 8/16/2016
Vulnerability Publication Date: 8/20/2016