CVE-2016-5838 - Credentials Management vulnerability in Wordpress

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE

Tags: network, low complexity, wordpress, CWE-255, nessus

Summary

WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.

Vulnerable Configurations

Part         Description  Count
Application  Wordpress    636

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_BFCC23B63B2711E68E82002590263BF5.NASL
    description: Adam Silverstein reports: WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnonen and Divyesh Prajapati; revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen from the Wordfence Research Team; oEmbed denial of service reported by Jennifer Dodd from Automattic; unauthorized category removal from a post, reported by David Herrera from Alley Interactive; password change via stolen cookie, reported by Michael Adams from the WordPress security team; and some less secure sanitize_file_name edge cases reported by Peter Westwood of the WordPress security team.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 91840
    published: 2016-06-27
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/91840
    title: FreeBSD : wordpress -- multiple vulnerabilities (bfcc23b6-3b27-11e6-8e82-002590263bf5)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-568.NASL
    description: Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues.
      CVE-2016-5387: WordPress allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
      CVE-2016-5832: The customizer in WordPress allows remote attackers to bypass intended redirection restrictions via unspecified vectors.
      CVE-2016-5834: Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name.
      CVE-2016-5835: WordPress allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.
      CVE-2016-5838: WordPress allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.
      CVE-2016-5839: WordPress allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.
      For Debian 7
    last seen: 2020-03-17
    modified: 2016-08-01
    plugin id: 92632
    published: 2016-08-01
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/92632
    title: Debian DLA-568-1 : wordpress security update (httpoxy)
  • NASL family: CGI abuses
    NASL id: WORDPRESS_4_5_3.NASL
    description: According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.5.3. It is, therefore, affected by the following vulnerabilities:
      - An unspecified flaw exists in the Customizer component that allows an unauthenticated, remote attacker to perform a redirect bypass.
      - Multiple cross-site scripting vulnerabilities exist due to improper validation of user-supplied input when handling attachment names. An unauthenticated, remote attacker can exploit these issues, via a specially crafted request, to execute arbitrary script code in a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 91810
    published: 2016-06-24
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/91810
    title: WordPress < 4.5.3 Multiple Vulnerabilities
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3639.NASL
    description: Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions, obtain sensitive revision-history information, or mount a denial of service.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 92706
    published: 2016-08-04
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92706
    title: Debian DSA-3639-1 : wordpress - security update