CVE-2013-0235 - Unspecified vulnerability in Wordpress
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue. Per: http://cwe.mitre.org/data/definitions/918.html 'CWE-918: Server-Side Request Forgery (SSRF)'
Vulnerable Configurations
Metasploit
description | This module will scan for wordpress sites with the Pingback API enabled. By interfacing with the API an attacker can cause the wordpress site to port scan an external target and return results. Refer to the wordpress_pingback_portscanner module. This issue was fixed in wordpress 3.5.1 |
id | MSF:AUXILIARY/SCANNER/HTTP/WORDPRESS_PINGBACK_ACCESS |
last seen | 2019-11-30 |
modified | 2018-07-12 |
published | 2013-01-05 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/wordpress_pingback_access.rb |
title | Wordpress Pingback Locator |
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2013-1774.NASL |
description | WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include : - Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases. - Media: Fix a collection of minor workflow and compatibility issues in the new media manager. - Networks: Suggest proper rewrite rules when creating a new network. - Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published. - Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail. - Suppress some warnings that could occur when a plugin misused the database or user APIs. WordPress 3.5.1 also addresses the following security issues : - A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We |
last seen | 2020-03-17 |
modified | 2013-02-11 |
plugin id | 64544 |
published | 2013-02-11 |
reporter | This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/64544 |
title | Fedora 18 : wordpress-3.5.1-1.fc18 (2013-1774) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory 2013-1774.
    #

    include("compat.inc");

    if (description)
    {
      script_id(64544);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2013-0235");
      script_bugtraq_id(57554);
      script_xref(name:"FEDORA", value:"2013-1774");

      script_name(english:"Fedora 18 : wordpress-3.5.1-1.fc18 (2013-1774)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "WordPress 3.5.1 is now available. Version 3.5.1 is the first
    maintenance release of 3.5, fixing 37 bugs. It is also a security
    release for all previous WordPress versions. Which include :
    - Editor: Prevent certain HTML elements from being unexpectedly
    removed or modified in rare cases.
    - Media: Fix a collection of minor workflow and compatibility
    issues in the new media manager.
    - Networks: Suggest proper rewrite rules when creating a new
    network.
    - Prevent scheduled posts from being stripped of certain HTML,
    such as video embeds, when they are published.
    - Work around some misconfigurations that may have caused some
    JavaScript in the WordPress admin area to fail.
    - Suppress some warnings that could occur when a plugin misused
    the database or user APIs.
    WordPress 3.5.1 also addresses the following security issues :
    - A server-side request forgery vulnerability and remote port
    scanning using pingbacks. This vulnerability, which could
    potentially be used to expose information and compromise a site,
    affects all previous WordPress versions. This was fixed by the
    WordPress security team. We'd like to thank security researchers
    Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
    - Two instances of cross-site scripting via shortcodes and post
    content. These issues were discovered by Jon Cave of the
    WordPress security team.
    - A cross-site scripting vulnerability in the external library
    Plupload. Thanks to the Moxiecode team for working with us on
    this, and for releasing Plupload 1.5.5 to address this issue.
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=904120"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=904121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=904122"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098476.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b8f719cf"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected wordpress package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wordpress");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/11");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    flag = 0;
    if (rpm_check(release:"FC18", reference:"wordpress-3.5.1-1.fc18")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wordpress");
    }
NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2013-189.NASL |
description | Updated wordpress package fixes security vulnerabilities : A denial of service flaw was found in the way Wordpress, a blog tool and publishing platform, performed hash computation when checking password for password protected blog posts. A remote attacker could provide a specially-crafted input that, when processed by the password checking mechanism of Wordpress would lead to excessive CPU consumption (CVE-2013-2173). Inadequate SSRF protection for HTTP requests where the user can provide a URL can allow for attacks against the intranet and other sites. This is a continuation of work related to CVE-2013-0235, which was specific to SSRF in pingback requests and was fixed in 3.5.1 (CVE-2013-2199). Inadequate checking of a user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67134 |
published | 2013-07-03 |
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/67134 |
title | Mandriva Linux Security Advisory : wordpress (MDVSA-2013:189) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:189.
    # The text itself is copyright (C) Mandriva S.A.
    #

    include("compat.inc");

    if (description)
    {
      script_id(67134);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:55");

      script_cve_id("CVE-2013-2173", "CVE-2013-2199", "CVE-2013-2200", "CVE-2013-2201", "CVE-2013-2202", "CVE-2013-2203", "CVE-2013-2204", "CVE-2013-2205");
      script_bugtraq_id(60477, 60757, 60758, 60759, 60770, 60775, 60781, 60825);
      script_xref(name:"MDVSA", value:"2013:189");

      script_name(english:"Mandriva Linux Security Advisory : wordpress (MDVSA-2013:189)");
      script_summary(english:"Checks rpm output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Mandriva Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated wordpress package fixes security vulnerabilities :
    A denial of service flaw was found in the way Wordpress, a blog tool
    and publishing platform, performed hash computation when checking
    password for password protected blog posts. A remote attacker could
    provide a specially-crafted input that, when processed by the password
    checking mechanism of Wordpress would lead to excessive CPU
    consumption (CVE-2013-2173).
    Inadequate SSRF protection for HTTP requests where the user can
    provide a URL can allow for attacks against the intranet and other
    sites. This is a continuation of work related to CVE-2013-0235, which
    was specific to SSRF in pingback requests and was fixed in 3.5.1
    (CVE-2013-2199).
    Inadequate checking of a user's capabilities could allow them to
    publish posts when their user role should not allow for it; and to
    assign posts to other authors (CVE-2013-2200).
    Inadequate escaping allowed an administrator to trigger a cross-site
    scripting vulnerability through the uploading of media files and
    plugins (CVE-2013-2201).
    The processing of an oEmbed response is vulnerable to an XXE
    (CVE-2013-2202).
    If the uploads directory is not writable, error message data returned
    via XHR will include a full path to the directory (CVE-2013-2203).
    Content Spoofing in the MoxieCode (TinyMCE) MoxiePlayer project
    (CVE-2013-2204).
    Cross-domain XSS in SWFUpload (CVE-2013-2205)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2013-0198.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected wordpress package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wordpress");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/03");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

    flag = 0;
    if (rpm_check(release:"MDK-MBS1", reference:"wordpress-3.5.2-1.mbs1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
NASL family | CGI abuses |
NASL id | WORDPRESS_3_5_1.NASL |
description | According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by a server-side request forgery vulnerability in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 64452 |
published | 2013-02-04 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/64452 |
title | WordPress < 3.5.1 Multiple Vulnerabilities |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(64452);
      script_version("1.12");
      script_cvs_date("Date: 2019/12/04");

      script_cve_id("CVE-2013-0235", "CVE-2013-0236", "CVE-2013-0237");
      script_bugtraq_id(57554, 57555);

      script_name(english:"WordPress < 3.5.1 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of WordPress.");

      script_set_attribute(attribute:"synopsis", value:
    "The remote web server contains a PHP application that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its version number, the WordPress install hosted on the
    remote web server is affected by multiple vulnerabilities :
    - The application is affected by a server-side request
    forgery vulnerability in the 'pingback.ping' method used
    in 'xmlrpc.php'. This vulnerability can be used to
    expose information and remotely port scan a host using
    pingbacks. (CVE-2013-0235)
    - The application is affected by two instances of
    cross-site scripting (XSS) attacks via shortcodes and
    post content. (CVE-2013-0236)
    - The application is affected by a cross-site scripting
    (XSS) vulnerability in the Plupload external library.
    (CVE-2013-0237)
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/FireFart/WordpressPingbackPortScanner");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525045/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html");
      script_set_attribute(attribute:"see_also", value:"https://wordpress.org/news/2013/01/wordpress-3-5-1/");
      script_set_attribute(attribute:"see_also", value:"https://codex.wordpress.org/Version_3.5.1");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to WordPress 3.5.1 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0235");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

      script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04");

      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");

      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("wordpress_detect.nasl");
      script_require_keys("www/PHP", "installed_sw/WordPress", "Settings/ParanoidReport");
      script_require_ports("Services/www", 80);

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("install_func.inc");

    app = "WordPress";
    get_install_count(app_name:app, exit_if_zero:TRUE);

    port = get_http_port(default:80, php:TRUE);

    install = get_single_install(
      app_name : app,
      port : port,
      exit_if_unknown_ver : TRUE
    );

    dir = install['path'];
    version = install['version'];
    install_url = build_url(port:port, qs:dir);

    if (report_paranoia < 2) audit(AUDIT_PARANOID);

    ver = split(version, sep:".", keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);

    # Versions less than 3.5.1 are vulnerable
    if (
      ver[0] < 3 ||
      (ver[0] == 3 && ver[1] < 5) ||
      (ver[0] == 3 && ver[1] == 5 && ver[2] < 1)
    )
    {
      set_kb_item(name:"www/"+port+"/XSS", value:TRUE);
      if (report_verbosity > 0)
      {
        report =
          '\n URL : ' +install_url+
          '\n Installed version : ' +version+
          '\n Fixed version : 3.5.1\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
    }
    else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
NASL family | CGI abuses |
NASL id | WORDPRESS_XMLRPC_PINGBACK_REQUEST_FORGERY.NASL |
description | The WordPress install hosted on the remote web server is affected by a server-side request forgery vulnerability because the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 64453 |
published | 2013-02-04 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/64453 |
title | WordPress 'xmlrpc.php' pingback.ping Server-Side Request Forgery |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(64453);
      script_version("1.11");
      script_cvs_date("Date: 2019/12/04");

      script_cve_id("CVE-2013-0235");
      script_bugtraq_id(57554);

      script_name(english:"WordPress 'xmlrpc.php' pingback.ping Server-Side Request Forgery");
      script_summary(english:"Attempts to verify the existence of files.");

      script_set_attribute(attribute:"synopsis", value:
    "The remote web server contains a PHP application that is affected by a
    server-side request forgery vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The WordPress install hosted on the remote web server is affected by a
    server-side request forgery vulnerability because the 'pingback.ping'
    method used in 'xmlrpc.php' fails to properly validate source URIs
    (Uniform Resource Identifiers). A remote, unauthenticated attacker can
    exploit this issue to disclose sensitive information and conduct
    remote port scanning against a remote host.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/FireFart/WordpressPingbackPortScanner");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525045/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html");
      script_set_attribute(attribute:"see_also", value:"https://wordpress.org/news/2013/01/wordpress-3-5-1/");
      script_set_attribute(attribute:"see_also", value:"https://codex.wordpress.org/Version_3.5.1");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to WordPress 3.5.1 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0235");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"exploited_by_nessus", value:"true");

      script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04");

      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
      script_end_attributes();

      script_category(ACT_ATTACK);
      script_family(english:"CGI abuses");

      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("wordpress_detect.nasl", "os_fingerprint.nasl");
      script_require_keys("installed_sw/WordPress", "www/PHP");
      script_require_ports("Services/www", 80);

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("install_func.inc");
    include("data_protection.inc");

    app = "WordPress";
    get_install_count(app_name:app, exit_if_zero:TRUE);

    port = get_http_port(default:80, php:TRUE);

    install = get_single_install(
      app_name : app,
      port : port
    );

    dir = install['path'];
    install_url = build_url(port:port, qs:dir);

    # Determine what to look for.
    os = get_kb_item("Host/OS");
    if (os && report_paranoia < 2)
    {
      if ("Windows" >< os) files = make_list('windows/win.ini', 'winnt/win.ini');
      else files = make_list('etc/passwd');
    }
    else files = make_list('etc/passwd', 'windows/win.ini', 'winnt/win.ini');

    # Verify that xmlrpc.php is accessible
    vuln = FALSE;
    res = http_send_recv3(
      method : "GET",
      item : dir + "/xmlrpc.php",
      port : port,
      exit_on_fail : TRUE
    );

    if ("XML-RPC server accepts POST requests only" >< res[2])
    {
      foreach file (files)
      {
        postdata =
          '<?xml version="1.0" encoding="utf-8"?>\r\n' +
          '<methodCall>\r\n' +
          ' <methodName>pingback.ping</methodName>\r\n' +
          ' <params>\r\n' +
          ' <param><value><string>file:///' +file+ '</string></value></param>\r\n'+
          ' <param><value><string>' +install_url+ '/?p=1</string></value></param>'+
          '\r\n' +
          ' </params>\r\n' +
          '</methodCall>\r\n';

        res = http_send_recv3(
          method : "POST",
          item : dir + "/xmlrpc.php",
          data : postdata,
          content_type : "application/x-www-form-urlencoded",
          port : port,
          exit_on_fail : TRUE
        );
        exp_request = http_last_sent_request();

        # If file is found, our string will report our title is not found
        # Else our response will reflect 'The source URL does not exist.'
        if ("<string>We cannot find a title on that page" >< res[2])
        {
          vuln = TRUE;
          break;
        }
      }
    }

    if (!vuln) audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);

    if (report_verbosity > 0)
    {
      res[2] = data_protection::redact_etc_passwd(output:res[2]);
      snip = crap(data:"-", length:30)+' snip '+ crap(data:"-", length:30);
      report =
        '\nNessus was able to verify the issue exists using the following request :' +
        '\n' +
        '\n' + exp_request +
        '\n';
      if (report_verbosity > 1)
      {
        report +=
          '\n' + 'By examining the response, Nessus was able to verify the file'+
          '\n' + '"' +file+ '" exists on the remote host. This can be observed' +
          '\n' + 'in the following output :' +
          '\n' +
          '\n' + snip +
          '\n' + chomp(res[2]) +
          '\n' + snip +
          '\n';
      }
      security_warning(port:port, extra:report);
    }
    else security_warning(port);
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2013-1692.NASL |
description | WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include : - Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases. - Media: Fix a collection of minor workflow and compatibility issues in the new media manager. - Networks: Suggest proper rewrite rules when creating a new network. - Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published. - Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail. - Suppress some warnings that could occur when a plugin misused the database or user APIs. WordPress 3.5.1 also addresses the following security issues : - A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We |
last seen | 2020-03-17 |
modified | 2013-02-11 |
plugin id | 64539 |
published | 2013-02-11 |
reporter | This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/64539 |
title | Fedora 17 : wordpress-3.5.1-1.fc17 (2013-1692) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_559E00B76A4D11E2B6B010BF48230856.NASL |
description | Wordpress reports : WordPress 3.5.1 also addresses the following security issues : - A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 64288 |
published | 2013-01-30 |
reporter | This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/64288 |
title | FreeBSD : wordpress -- multiple vulnerabilities (559e00b7-6a4d-11e2-b6b0-10bf48230856) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-2718.NASL |
description | Several vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches. This means extra care should be taken when upgrading, especially when using third-party plugins or themes, since compatibility may have been impacted along the way. We recommend that users check their install before doing the upgrade. - CVE-2013-2173 A denial of service was found in the way WordPress performs hash computation when checking password for protected posts. An attacker supplying carefully crafted input as a password could make the platform use excessive CPU usage. - CVE-2013-2199 Multiple server-side requests forgery (SSRF) vulnerabilities were found in the HTTP API. This is related to CVE-2013-0235, which was specific to SSRF in pingback requests and was fixed in 3.5.1. - CVE-2013-2200 Inadequate checking of a user |
last seen | 2020-03-17 |
modified | 2013-07-03 |
plugin id | 67131 |
published | 2013-07-03 |
reporter | This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67131 |
title | Debian DSA-2718-1 : wordpress - several vulnerabilities |
The Hacker News
id | THN:F155C0EB92B173820C2A906FB070B734 |
last seen | 2017-01-08 |
modified | 2013-05-01 |
published | 2013-05-01 |
reporter | Mohit Kumar |
source | http://thehackernews.com/2013/05/millions-of-wordpress-sites-exploitable.html |
title | Millions of WordPress sites exploitable for DDoS Attacks using Pingback mechanism |

id | THN:BE379A796F15B93543F6972B7FEE4338 |
last seen | 2018-01-27 |
modified | 2014-03-12 |
published | 2014-03-11 |
reporter | Sudhir K Bansal |
source | https://thehackernews.com/2014/03/162000-vulnerable-wordpress-websites.html |
title | 162,000 vulnerable WordPress websites abused to perform DDoS Attack |