 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.806801 |
| Categoría: | Web application abuses |
| Título: | WordPress Multiple Vulnerabilities (Dec 2015) - Linux |
| Resumen: | WordPress is prone to multiple vulnerabilities. |
| Descripción: | Summary: WordPress is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An error in the legacy theme preview implementation within the file 'wp-includes/theme.php', which is not properly handling the user input. - An error in the function 'refreshAdvancedAccessibilityOfItem' within file 'wp-admin/js/nav-menu.js', which is not properly handling the user input. - An error in the function 'WP_Nav_Menu_Widget' class within file 'wp-includes/default-widgets.php', which is not properly handling the user input. - The function 'wp_untrash_post_comments' is not properly handling a comment after retrieving from trash within the file 'wp-includes/post.php' - The no usage of constant time comaprision for widgets in function 'sanitize_widget_instance' leads to timing side-channel attack by measuring the delay before inequality is calculated which is within the file 'wp-includes/class-wp-customize-widgets.php' - The Cross-site request forgery (CSRF) vulnerability in 'wp-admin/post.php' Vulnerability Impact: Successfully exploiting will allow remote attackers to inject arbitrary web script code in a user's browser session within the trust relationship between their browser and the server, to inject or manipulate SQL queries in the back-end database and to cause denial of service. Affected Software/OS: WordPress Versions before 4.2.4 on linux. Solution: Update to WordPress version 4.2.4 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-5734 BugTraq ID: 76331 http://www.securityfocus.com/bid/76331 Debian Security Information: DSA-3332 (Google Search) http://www.debian.org/security/2015/dsa-3332 Debian Security Information: DSA-3383 (Google Search) http://www.debian.org/security/2015/dsa-3383 https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html https://wpvulndb.com/vulnerabilities/8133 http://openwall.com/lists/oss-security/2015/08/04/7 http://www.securitytracker.com/id/1033178 Common Vulnerability Exposure (CVE) ID: CVE-2015-5733 https://wpvulndb.com/vulnerabilities/8132 Common Vulnerability Exposure (CVE) ID: CVE-2015-5732 BugTraq ID: 76160 http://www.securityfocus.com/bid/76160 https://wpvulndb.com/vulnerabilities/8131 Common Vulnerability Exposure (CVE) ID: CVE-2015-5731 Common Vulnerability Exposure (CVE) ID: CVE-2015-5730 https://wpvulndb.com/vulnerabilities/8130 Common Vulnerability Exposure (CVE) ID: CVE-2015-2213 https://wpvulndb.com/vulnerabilities/8126 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |