Vulnerabilities > CVE-2013-2205 - Configuration vulnerability in Wordpress

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
wordpress
CWE-16
nessus

Summary

The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.

Vulnerable Configurations

Part Description Count
Application
Wordpress
256

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-11630.NASL
    descriptionWordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening. The security fixes included : - Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site. - Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post
    last seen2020-03-17
    modified2013-07-12
    plugin id67315
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67315
    titleFedora 18 : wordpress-3.5.2-1.fc18 (2013-11630)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-11630.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67315);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-2173", "CVE-2013-2199", "CVE-2013-2200", "CVE-2013-2201", "CVE-2013-2202", "CVE-2013-2203", "CVE-2013-2204", "CVE-2013-2205");
      script_xref(name:"FEDORA", value:"2013-11630");
    
      script_name(english:"Fedora 18 : wordpress-3.5.2-1.fc18 (2013-11630)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "WordPress 3.5.2 is now available. This is the second maintenance
    release of 3.5, fixing 12 bugs. This is a security release for all
    previous versions and we strongly encourage you to update your sites
    immediately. The WordPress security team resolved seven security
    issues, and this release also contains some additional security
    hardening.
    
    The security fixes included :
    
      - Blocking server-side request forgery attacks, which
        could potentially enable an attacker to gain access to a
        site.
    
        - Disallow contributors from improperly publishing
          posts, reported by Konstantin Kovshenin, or
          reassigning the post's authorship, reported by Luke
          Bryan.
    
        - An update to the SWFUpload external library to fix
          cross-site scripting vulnerabilities. Reported by mala
          and Szymon Gruszecki. (Developers: More on SWFUpload
          here.)
    
        - Prevention of a denial of service attack, affecting
          sites using password-protected posts.
    
        - An update to an external TinyMCE library to fix a
          cross-site scripting vulnerability. Reported by Wan
          Ikram.
    
        - Multiple fixes for cross-site scripting. Reported by
          Andrea Santese and Rodrigo.
    
        - Avoid disclosing a full file path when a upload fails.
          Reported by Jakub Galczyk.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=973254"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=976784"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110564.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5fdba756"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wordpress package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wordpress");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC18", reference:"wordpress-3.5.2-1.fc18")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wordpress");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-189.NASL
    descriptionUpdated wordpress package fixes security vulnerabilities : A denial of service flaw was found in the way Wordpress, a blog tool and publishing platform, performed hash computation when checking password for password protected blog posts. A remote attacker could provide a specially- crafted input that, when processed by the password checking mechanism of Wordpress would lead to excessive CPU consumption (CVE-2013-2173). Inadequate SSRF protection for HTTP requests where the user can provide a URL can allow for attacks against the intranet and other sites. This is a continuation of work related to CVE-2013-0235, which was specific to SSRF in pingback requests and was fixed in 3.5.1 (CVE-2013-2199). Inadequate checking of a user
    last seen2020-06-01
    modified2020-06-02
    plugin id67134
    published2013-07-03
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67134
    titleMandriva Linux Security Advisory : wordpress (MDVSA-2013:189)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:189. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67134);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2013-2173", "CVE-2013-2199", "CVE-2013-2200", "CVE-2013-2201", "CVE-2013-2202", "CVE-2013-2203", "CVE-2013-2204", "CVE-2013-2205");
      script_bugtraq_id(60477, 60757, 60758, 60759, 60770, 60775, 60781, 60825);
      script_xref(name:"MDVSA", value:"2013:189");
    
      script_name(english:"Mandriva Linux Security Advisory : wordpress (MDVSA-2013:189)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandriva Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated wordpress package fixes security vulnerabilities :
    
    A denial of service flaw was found in the way Wordpress, a blog tool
    and publishing platform, performed hash computation when checking
    password for password protected blog posts. A remote attacker could
    provide a specially- crafted input that, when processed by the
    password checking mechanism of Wordpress would lead to excessive CPU
    consumption (CVE-2013-2173).
    
    Inadequate SSRF protection for HTTP requests where the user can
    provide a URL can allow for attacks against the intranet and other
    sites. This is a continuation of work related to CVE-2013-0235, which
    was specific to SSRF in pingback requests and was fixed in 3.5.1
    (CVE-2013-2199).
    
    Inadequate checking of a user's capabilities could allow them to
    publish posts when their user role should not allow for it; and to
    assign posts to other authors (CVE-2013-2200).
    
    Inadequate escaping allowed an administrator to trigger a cross-site
    scripting vulnerability through the uploading of media files and
    plugins (CVE-2013-2201).
    
    The processing of an oEmbed response is vulnerable to an XXE
    (CVE-2013-2202).
    
    If the uploads directory is not writable, error message data returned
    via XHR will include a full path to the directory (CVE-2013-2203).
    
    Content Spoofing in the MoxieCode (TinyMCE) MoxiePlayer project
    (CVE-2013-2204).
    
    Cross-domain XSS in SWFUpload (CVE-2013-2205)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2013-0198.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wordpress package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wordpress");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", reference:"wordpress-3.5.2-1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-11590.NASL
    descriptionWordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening. The security fixes included : - Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site. - Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post
    last seen2020-03-17
    modified2013-07-12
    plugin id67314
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67314
    titleFedora 19 : wordpress-3.5.2-1.fc19 (2013-11590)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-11590.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67314);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-2173", "CVE-2013-2199", "CVE-2013-2200", "CVE-2013-2201", "CVE-2013-2202", "CVE-2013-2203", "CVE-2013-2204", "CVE-2013-2205");
      script_xref(name:"FEDORA", value:"2013-11590");
    
      script_name(english:"Fedora 19 : wordpress-3.5.2-1.fc19 (2013-11590)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "WordPress 3.5.2 is now available. This is the second maintenance
    release of 3.5, fixing 12 bugs. This is a security release for all
    previous versions and we strongly encourage you to update your sites
    immediately. The WordPress security team resolved seven security
    issues, and this release also contains some additional security
    hardening.
    
    The security fixes included :
    
      - Blocking server-side request forgery attacks, which
        could potentially enable an attacker to gain access to a
        site.
    
        - Disallow contributors from improperly publishing
          posts, reported by Konstantin Kovshenin, or
          reassigning the post's authorship, reported by Luke
          Bryan.
    
        - An update to the SWFUpload external library to fix
          cross-site scripting vulnerabilities. Reported by mala
          and Szymon Gruszecki. (Developers: More on SWFUpload
          here.)
    
        - Prevention of a denial of service attack, affecting
          sites using password-protected posts.
    
        - An update to an external TinyMCE library to fix a
          cross-site scripting vulnerability. Reported by Wan
          Ikram.
    
        - Multiple fixes for cross-site scripting. Reported by
          Andrea Santese and Rodrigo.
    
        - Avoid disclosing a full file path when a upload fails.
          Reported by Jakub Galczyk.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=973254"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=976784"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110561.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cedea335"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wordpress package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wordpress");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC19", reference:"wordpress-3.5.2-1.fc19")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wordpress");
    }
    
  • NASL familyCGI abuses
    NASL idWORDPRESS_3_5_2.NASL
    descriptionAccording to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities : - The application contains a denial of service attack, affecting sites using password-protected posts. (CVE-2013-2173) - The application is affected by a server-side request forgery vulnerability. This vulnerability can be used to gain access to a site. (CVE-2013-2199) - A privilege escalation vulnerability exists that allows contributors to publish posts and users to reassign authorship. (CVE-2013-2200) - A cross-site scripting vulnerability exists related to uploading media. (CVE-2013-2201) - A XML External Entity Injection (XXE) vulnerability exists in
    last seen2020-06-01
    modified2020-06-02
    plugin id67021
    published2013-06-28
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67021
    titleWordPress < 3.5.2 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67021);
      script_version("1.13");
      script_cvs_date("Date: 2018/11/15 20:50:19");
    
     script_cve_id(
        "CVE-2013-2173",
        "CVE-2013-2199",
        "CVE-2013-2200",
        "CVE-2013-2201",
        "CVE-2013-2202",
        "CVE-2013-2203",
        "CVE-2013-2204",
        "CVE-2013-2205"
     );
     script_bugtraq_id(
       60477,
       60757,
       60758,
       60759,
       60770,
       60775,
       60781,
       60825,
       60892
     );
    
      script_name(english:"WordPress < 3.5.2 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of WordPress.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server contains a PHP application that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its version number, the WordPress install hosted on the
    remote web server is affected by multiple vulnerabilities :
    
      - The application contains a denial of service attack,
        affecting sites using password-protected posts.
        (CVE-2013-2173)
    
      - The application is affected by a server-side request
        forgery vulnerability. This vulnerability can be used
        to gain access to a site. (CVE-2013-2199)
    
      - A privilege escalation vulnerability exists that allows
        contributors to publish posts and users to reassign
        authorship. (CVE-2013-2200)
    
      - A cross-site scripting vulnerability exists related to
        uploading media. (CVE-2013-2201)
    
      - A XML External Entity Injection (XXE) vulnerability
        exists in 'oEmbed'. (CVE-2013-2202)
    
      - A vulnerability exists disclosing a full file path
        related to file upload. (CVE-2013-2203)
    
      - A cross-site scripting vulnerability exists related
        to 'TinyMCE' library. (CVE-2013-2204)
    
      - The application is affected by a cross-site scripting
        vulnerability in the 'SWFUpload' library.
        (CVE-2013-2205)
    
      - Cross-site scripting vulnerabilities exist in the
        'post.php' script relating to the 'excerpt' and
        'content' parameters.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://wordpress.org/news/2013/06/wordpress-3-5-2/");
      script_set_attribute(attribute:"see_also", value:"https://codex.wordpress.org/Version_3.5.2");
      # https://core.trac.wordpress.org/log/branches/3.5?rev=24498&stop_rev=23347
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?af0aeb24");
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2013/Jul/7");
      script_set_attribute(attribute:"solution", value:"Upgrade to WordPress 3.5.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/28");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      script_dependencies("wordpress_detect.nasl");
      script_require_keys("www/PHP", "installed_sw/WordPress", "Settings/ParanoidReport");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("install_func.inc");
    
    app = "WordPress";
    get_install_count(app_name:app, exit_if_zero:TRUE);
    
    port = get_http_port(default:80, php:TRUE);
    
    install = get_single_install(
      app_name : app,
      port     : port,
      exit_if_unknown_ver : TRUE
    );
    
    dir = install['path'];
    version = install['version'];
    install_url = build_url(port:port, qs:dir);
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    ver = split(version, sep:".", keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    # Versions less than 3.5.2 are vulnerable
    if (
      ver[0] < 3 ||
      (ver[0] == 3 && ver[1] < 5) ||
      (ver[0] == 3 && ver[1] == 5 && ver[2] < 2)
    )
    {
      set_kb_item(name:"www/"+port+"/XSS", value:TRUE);
      if (report_verbosity > 0)
      {
        report =
          '\n  URL               : ' +install_url+
          '\n  Installed version : ' +version+
          '\n  Fixed version     : 3.5.2\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
    }
    else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_049332D2F6E111E282F3000C29EE3065.NASL
    descriptionThe wordpress development team reports : - Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site - Disallow contributors from improperly publishing posts - An update to the SWFUpload external library to fix cross-site scripting vulnerabilities - Prevention of a denial of service attack, affecting sites using password-protected posts - An update to an external TinyMCE library to fix a cross-site scripting vulnerability - Multiple fixes for cross-site scripting - Avoid disclosing a full file path when a upload fails
    last seen2020-06-01
    modified2020-06-02
    plugin id69087
    published2013-07-28
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69087
    titleFreeBSD : wordpress -- multiple vulnerabilities (049332d2-f6e1-11e2-82f3-000c29ee3065)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69087);
      script_version("1.5");
      script_cvs_date("Date: 2018/11/10 11:49:43");
    
      script_cve_id("CVE-2013-2199", "CVE-2013-2200", "CVE-2013-2201", "CVE-2013-2202", "CVE-2013-2203", "CVE-2013-2204", "CVE-2013-2205");
    
      script_name(english:"FreeBSD : wordpress -- multiple vulnerabilities (049332d2-f6e1-11e2-82f3-000c29ee3065)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The wordpress development team reports :
    
    - Blocking server-side request forgery attacks, which could
    potentially enable an attacker to gain access to a site
    
    - Disallow contributors from improperly publishing posts
    
    - An update to the SWFUpload external library to fix cross-site
    scripting vulnerabilities
    
    - Prevention of a denial of service attack, affecting sites using
    password-protected posts
    
    - An update to an external TinyMCE library to fix a cross-site
    scripting vulnerability
    
    - Multiple fixes for cross-site scripting
    
    - Avoid disclosing a full file path when a upload fails"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://wordpress.org/news/2013/06/wordpress-3-5-2/"
      );
      # https://vuxml.freebsd.org/freebsd/049332d2-f6e1-11e2-82f3-000c29ee3065.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?156beb35"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:de-wordpress");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ja-wordpress");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ru-wordpress");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:wordpress");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_CN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_TW");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"wordpress<3.5.2,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"zh-wordpress-zh_CN<3.5.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"zh-wordpress-zh_TW<3.5.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"de-wordpress<3.5.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"ja-wordpress<3.5.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"ru-wordpress<3.5.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-11649.NASL
    descriptionWordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening. The security fixes included : - Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site. - Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post
    last seen2020-03-17
    modified2013-07-12
    plugin id67317
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67317
    titleFedora 17 : wordpress-3.5.2-1.fc17 (2013-11649)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2718.NASL
    descriptionSeveral vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches. This means extra care should be taken when upgrading, especially when using third-party plugins or themes, since compatibility may have been impacted along the way. We recommend that users check their install before doing the upgrade. - CVE-2013-2173 A denial of service was found in the way WordPress performs hash computation when checking password for protected posts. An attacker supplying carefully crafted input as a password could make the platform use excessive CPU usage. - CVE-2013-2199 Multiple server-side requests forgery (SSRF) vulnerabilities were found in the HTTP API. This is related to CVE-2013-0235, which was specific to SSRF in pingback requests and was fixed in 3.5.1. - CVE-2013-2200 Inadequate checking of a user
    last seen2020-03-17
    modified2013-07-03
    plugin id67131
    published2013-07-03
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67131
    titleDebian DSA-2718-1 : wordpress - several vulnerabilities