The WordPress install hosted on the remote web server is affected by a server-side request forgery vulnerability because the 'pingback.ping' method used in 'xmlrpc.php' fails to properly validate source URIs (Uniform Resource Identifiers). A remote, unauthenticated attacker can exploit this issue to disclose sensitive information and conduct remote port scanning against a remote host.

Wordpress reports :

WordPress 3.5.1 also addresses the following security issues :

- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team.
We'd like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.

- Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.

- A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include :

  - Editor: Prevent certain HTML elements from being     unexpectedly removed or modified in rare cases.

    - Media: Fix a collection of minor workflow and       compatibility issues in the new media manager.

    - Networks: Suggest proper rewrite rules when creating a       new network.

    - Prevent scheduled posts from being stripped of certain       HTML, such as video embeds, when they are published.

    - Work around some misconfigurations that may have       caused some JavaScript in the WordPress admin area to       fail.

    - Suppress some warnings that could occur when a plugin       misused the database or user APIs.

WordPress 3.5.1 also addresses the following security issues :

  - A server-side request forgery vulnerability and remote     port scanning using pingbacks. This vulnerability, which     could potentially be used to expose information and     compromise a site, affects all previous WordPress     versions. This was fixed by the WordPress security team.
    We'd like to thank security researchers Gennady     Kovshenin and Ryan Dewhurst for reviewing our work.

    - Two instances of cross-site scripting via shortcodes       and post content. These issues were discovered by Jon       Cave of the WordPress security team.

    - A cross-site scripting vulnerability in the external       library Plupload. Thanks to the Moxiecode team for       working with us on this, and for releasing Plupload       1.5.5 to address this issue.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities :

  - The application is affected by a server-side request     forgery vulnerability in the 'pingback.ping' method     used in 'xmlrpc.php'. This vulnerability can be used to     expose information and remotely port scan a host using     pingbacks. (CVE-2013-0235)

  - The application is affected by two instances of     cross-site scripting (XSS) attacks via shortcodes and     post content. (CVE-2013-0236)

  - The application is affected by a cross-site scripting     (XSS) vulnerability in the Plupload external library.
    (CVE-2013-0237)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Versions of WordPress prior to 3.5.1 are susceptible to the following vulnerabilities :

 - A flaw exists that may allow a remote attacker to use the site to gain information.  The issue is due to the 'xmlrpc.php' script 'pingback.ping' method not being restricted to specific sites or IP ranges.  With a crafted request, an attacker can request 'pingbacks' from internal or external hosts, effectively using the feature to conduct proxied port scans. (CVE-2013-0235)
 - A flaw exists that allows multiple remote cross-site scripting (XSS) attacks.  This flaw exists because the application does not validate certain unspecified input related to Shortcodes or Post Content before returning it to the user.  This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. (CVE-2013-0236)
 - The plupload external library contains a flaw that allows a remote cross-site scripting (XSS) attack.  This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. (CVE-2013-0237)

ID	Name	Product	Family	Published	Updated	Severity
64453	WordPress 'xmlrpc.php' pingback.ping Server-Side Request Forgery	Nessus	CGI abuses	2/4/2013	6/5/2024	medium
64288	FreeBSD : wordpress -- multiple vulnerabilities (559e00b7-6a4d-11e2-b6b0-10bf48230856)	Nessus	FreeBSD Local Security Checks	1/30/2013	1/6/2021	medium
64539	Fedora 17 : wordpress-3.5.1-1.fc17 (2013-1692)	Nessus	Fedora Local Security Checks	2/11/2013	1/11/2021	medium
64452	WordPress < 3.5.1 Multiple Vulnerabilities	Nessus	CGI abuses	2/4/2013	6/6/2024	medium
64544	Fedora 18 : wordpress-3.5.1-1.fc18 (2013-1774)	Nessus	Fedora Local Security Checks	2/11/2013	1/11/2021	medium
9095	WordPress < 3.5.1 Multiple Vulnerabilities	Nessus Network Monitor	CGI	2/26/2016	3/6/2019	medium

Detections

Analytics

Plugins Search

medium

medium

medium

medium

medium

medium