ID CVE-2015-8834 Type cve Reporter cve@mitre.org Modified 2016-11-28T19:49:00
Description
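Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440. The limitation is the column's size cap: a MySQL TEXT column holds at most 65,535 bytes, so a longer comment is truncated when it is written to the database, leaving malformed HTML in the stored comment. For remediation, the scanner records below give the fixed releases per maintained branch (3.7.8, 3.8.8, 3.9.6, 4.1.5, 4.2.2) and the fixed Debian package versions (4.1+dfsg-1+deb8u9 for jessie, 3.6.1+dfsg-1~deb7u12 for wheezy). Note that the Nessus WORDPRESS_4_2_2.NASL check relies only on the application's self-reported version number, so a positive result should be confirmed against the installed files.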
{"nessus": [{"lastseen": "2019-12-13T09:58:09", "bulletinFamily": "scanner", "description": "According to its version number, the WordPress application running on\nthe remote web server is either version 3.7.x prior to 3.7.8, 3.8.x\nprior to 3.8.8, 3.9.x prior to 3.9.6, 4.1.x prior to 4.1.5, or 4.2.x\nprior to 4.2.2. It is, therefore, potentially affected by multiple\ncross-site scripting vulnerabilities :\n\n - An HTML file in the Genericons icon font package is\n vulnerable to a cross-site scripting attack. This\n package is used in various themes and plugins.\n\n - A cross-site scripting vulnerability exists that was\n only partially fixed in the 4.2.1 release.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application", "modified": "2019-12-02T00:00:00", "id": "WORDPRESS_4_2_2.NASL", "href": "https://www.tenable.com/plugins/nessus/83351", "published": "2015-05-12T00:00:00", "title": "WordPress Multiple XSS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83351);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2015-3440\", \"CVE-2015-8834\");\n script_bugtraq_id(74334);\n script_xref(name:\"EDB-ID\", value:\"36844\");\n\n script_name(english:\"WordPress Multiple XSS\");\n script_summary(english:\"Checks the version of WordPress.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The PHP application running on the remote web server is affected by\nmultiple cross-site scripting vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the WordPress application running on\nthe remote web server is either version 3.7.x prior to 3.7.8, 3.8.x\nprior to 3.8.8, 3.9.x prior to 3.9.6, 4.1.x prior to 4.1.5, or 4.2.x\nprior to 4.2.2. 
It is, therefore, potentially affected by multiple\ncross-site scripting vulnerabilities :\n\n - An HTML file in the Genericons icon font package is\n vulnerable to a cross-site scripting attack. This\n package is used in various themes and plugins.\n\n - A cross-site scripting vulnerability exists that was\n only partially fixed in the 4.2.1 release.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_3.7.8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_3.8.8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_3.9.6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_4.1.5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_4.2.2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/news/2015/05/wordpress-4-2-2/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WordPress 3.7.8 / 3.8.8 / 3.9.6 / 4.1.5 / 4.2.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8834\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2015/05/12\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/WordPress\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nversion = install['version'];\ninstall_url = build_url(port:port, qs:dir);\n\n\nver = split(version, sep:\".\", keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Vulnerable:\n# 3.7.x < 3.7.8\n# 3.8.x < 3.8.8\n# 3.9.x < 3.9.6\n# 4.1.x < 4.1.5\n# 4.2.x < 4.2.2\n# https://wordpress.org/download/release-archive/\nfix = NULL;\n\n\nif ((ver[0] == 3 && ver[1] == 7 && ver[2] < 8) ||\n version =~ \"^3\\.7\\.8-(alpha|beta|RC)(\\d+|$|[^0-9])\"\n )\n fix = \"3.7.8\";\n\nelse if ((ver[0] == 3 && ver[1] == 8 && ver[2] < 8) ||\n version =~ \"^3\\.8\\.8-(alpha|beta|RC)(\\d+|$|[^0-9])\"\n )\n fix = \"3.8.8\";\n\nelse if ((ver[0] == 3 && ver[1] == 9 && ver[2] < 6) ||\n version =~ \"^3\\.9\\.6-(alpha|beta|RC)(\\d+|$|[^0-9])\"\n )\n fix = \"3.9.6\";\n\nelse if ((ver[0] == 4 && ver[1] == 1 && ver[2] < 5) ||\n version =~ 
\"^4\\.1\\.5-(alpha|beta|RC)(\\d+|$|[^0-9])\"\n )\n fix = \"4.1.5\";\n\nelse if ((ver[0] == 4 && ver[1] == 2 && ver[2] < 2) ||\n version =~ \"^4\\.2\\.2-(alpha|beta|RC)(\\d+|$|[^0-9])\"\n )\n fix = \"4.2.2\";\n\nif(fix)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_url+\n '\\n Installed version : ' +version+\n '\\n Fixed version : ' +fix+\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-13T06:51:34", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in wordpress, a web blogging\ntool, which could allow remote attackers to compromise a site via\ncross-site scripting, bypass restrictions, obtain sensitive\nrevision-history information, or mount a denial of service.", "modified": "2019-12-02T00:00:00", "id": "DEBIAN_DSA-3639.NASL", "href": "https://www.tenable.com/plugins/nessus/92706", "published": "2016-08-04T00:00:00", "title": "Debian DSA-3639-1 : wordpress - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3639. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92706);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-8834\", \"CVE-2016-5832\", \"CVE-2016-5834\", \"CVE-2016-5835\", \"CVE-2016-5837\", \"CVE-2016-5838\", \"CVE-2016-5839\");\n script_xref(name:\"DSA\", value:\"3639\");\n\n script_name(english:\"Debian DSA-3639-1 : wordpress - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in wordpress, a web blogging\ntool, which could allow remote attackers to compromise a site via\ncross-site scripting, bypass restrictions, obtain sensitive\nrevision-history information, or mount a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/wordpress\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3639\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wordpress packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 4.1+dfsg-1+deb8u9.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"wordpress\", reference:\"4.1+dfsg-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wordpress-l10n\", reference:\"4.1+dfsg-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wordpress-theme-twentyfifteen\", reference:\"4.1+dfsg-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wordpress-theme-twentyfourteen\", reference:\"4.1+dfsg-1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wordpress-theme-twentythirteen\", reference:\"4.1+dfsg-1+deb8u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-13T06:50:37", "bulletinFamily": "scanner", "description": "Several vulnerabilities were 
discovered in wordpress, a web blogging\ntool. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues.\n\nCVE-2015-8834: Cross-site scripting (XSS) vulnerability in\nwp-includes/wp-db.php in WordPress before 4.2.2 allows remote\nattackers to inject arbitrary web script or HTML via a long comment\nthat is improperly stored because of limitations on the MySQL TEXT\ndata type. NOTE: this vulnerability exists because of an incomplete\nfix for CVE-2015-3440\n\nCVE-2016-4029: WordPress before 4.5 does not consider octal and\nhexadecimal IP address formats when determining an intranet address,\nwhich allows remote attackers to bypass an intended SSRF protection\nmechanism via a crafted address.\n\nCVE-2016-5836: The oEmbed protocol implementation in WordPress before\n4.5.3 allows remote attackers to cause a denial of service via\nunspecified vectors.\n\nCVE-2016-6634: Cross-site scripting (XSS) vulnerability in the network\nsettings page in WordPress before 4.5 allows remote attackers to\ninject arbitrary web script or HTML via unspecified vectors.\n\nCVE-2016-6635: Cross-site request forgery (CSRF) vulnerability in the\nwp_ajax_wp_compression_test function in wp-admin/includes/ajax-\nactions.php in WordPress before 4.5 allows remote attackers to hijack\nthe authentication of administrators for requests that change the\nscript compression option.\n\nCVE-2016-7168: Fix a cross-site scripting vulnerability via image\nfilename.\n\nCVE-2016-7169: Fix a path traversal vulnerability in the upgrade\npackage uploader.\n\nFor Debian 7 ", "modified": "2019-12-02T00:00:00", "id": "DEBIAN_DLA-633.NASL", "href": "https://www.tenable.com/plugins/nessus/93667", "published": "2016-09-23T00:00:00", "title": "Debian DLA-633-1 : wordpress security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-633-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93667);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/07/09 14:30:26\");\n\n script_cve_id(\"CVE-2015-8834\", \"CVE-2016-4029\", \"CVE-2016-5836\", \"CVE-2016-6634\", \"CVE-2016-6635\", \"CVE-2016-7168\", \"CVE-2016-7169\");\n\n script_name(english:\"Debian DLA-633-1 : wordpress security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in wordpress, a web blogging\ntool. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues.\n\nCVE-2015-8834: Cross-site scripting (XSS) vulnerability in\nwp-includes/wp-db.php in WordPress before 4.2.2 allows remote\nattackers to inject arbitrary web script or HTML via a long comment\nthat is improperly stored because of limitations on the MySQL TEXT\ndata type. 
NOTE: this vulnerability exists because of an incomplete\nfix for CVE-2015-3440\n\nCVE-2016-4029: WordPress before 4.5 does not consider octal and\nhexadecimal IP address formats when determining an intranet address,\nwhich allows remote attackers to bypass an intended SSRF protection\nmechanism via a crafted address.\n\nCVE-2016-5836: The oEmbed protocol implementation in WordPress before\n4.5.3 allows remote attackers to cause a denial of service via\nunspecified vectors.\n\nCVE-2016-6634: Cross-site scripting (XSS) vulnerability in the network\nsettings page in WordPress before 4.5 allows remote attackers to\ninject arbitrary web script or HTML via unspecified vectors.\n\nCVE-2016-6635: Cross-site request forgery (CSRF) vulnerability in the\nwp_ajax_wp_compression_test function in wp-admin/includes/ajax-\nactions.php in WordPress before 4.5 allows remote attackers to hijack\nthe authentication of administrators for requests that change the\nscript compression option.\n\nCVE-2016-7168: Fix a cross-site scripting vulnerability via image\nfilename.\n\nCVE-2016-7169: Fix a path traversal vulnerability in the upgrade\npackage uploader.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.6.1+dfsg-1~deb7u12.\n\nWe recommend that you upgrade your wordpress packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/09/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/wordpress\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected wordpress, and wordpress-l10n packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"wordpress\", reference:\"3.6.1+dfsg-1~deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wordpress-l10n\", reference:\"3.6.1+dfsg-1~deb7u12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:38", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3639-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 03, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wordpress\nCVE ID : CVE-2015-8834 CVE-2016-5832 CVE-2016-5834 CVE-2016-5835 \n CVE-2016-5837 CVE-2016-5838 CVE-2016-5839\n\nSeveral vulnerabilities were discovered in wordpress, a web blogging\ntool, which could allow remote attackers to compromise a site via\ncross-site scripting, bypass restrictions, obtain sensitive\nrevision-history information, or mount a denial of service.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u9.\n\nWe recommend that you upgrade your wordpress packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-08-03T15:36:38", "published": "2016-08-03T15:36:38", "id": "DEBIAN:DSA-3639-1:BF1EF", "href": 
"https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00217.html", "title": "[SECURITY] [DSA 3639-1] wordpress security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-30T02:23:06", "bulletinFamily": "unix", "description": "Package : wordpress\nVersion : 3.6.1+dfsg-1~deb7u12\nCVE ID : CVE-2015-8834 CVE-2016-4029 CVE-2016-5836\n CVE-2016-6634 CVE-2016-6635 CVE-2016-7168\n CVE-2016-7169\n\nSeveral vulnerabilities were discovered in wordpress, a web blogging\ntool. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues.\n\nCVE-2015-8834:\n Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in\n WordPress before 4.2.2 allows remote attackers to inject arbitrary\n web script or HTML via a long comment that is improperly stored\n because of limitations on the MySQL TEXT data type.\n NOTE: this vulnerability exists because of an incomplete fix for\n CVE-2015-3440\n\nCVE-2016-4029:\n WordPress before 4.5 does not consider octal and hexadecimal IP\n address formats when determining an intranet address, which allows\n remote attackers to bypass an intended SSRF protection mechanism\n via a crafted address.\n\nCVE-2016-5836:\n The oEmbed protocol implementation in WordPress before 4.5.3 allows\n remote attackers to cause a denial of service via unspecified\n vectors.\n\nCVE-2016-6634:\n Cross-site scripting (XSS) vulnerability in the network settings\n page in WordPress before 4.5 allows remote attackers to inject\n arbitrary web script or HTML via unspecified vectors.\n\nCVE-2016-6635:\n Cross-site request forgery (CSRF) vulnerability in the\n wp_ajax_wp_compression_test function in wp-admin/includes/ajax-\n actions.php in WordPress before 4.5 allows remote attackers to\n hijack the authentication of administrators for requests that\n change the script compression option.\n\nCVE-2016-7168:\n Fix a cross-site scripting vulnerability via 
image filename.\n\nCVE-2016-7169:\n Fix a path traversal vulnerability in the upgrade package uploader.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.6.1+dfsg-1~deb7u12.\n\nWe recommend that you upgrade your wordpress packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2016-09-22T20:12:33", "published": "2016-09-22T20:12:33", "id": "DEBIAN:DLA-633-1:0192E", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201609/msg00026.html", "title": "[SECURITY] [DLA 633-1] wordpress security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:59", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered\nin wordpress, a web blogging tool, which could allow remote attackers to compromise\na site via cross-site scripting, bypass restrictions, obtain sensitive\nrevision-history information, or mount a denial of service.", "modified": "2019-03-18T00:00:00", "published": "2016-08-04T00:00:00", "id": "OPENVAS:1361412562310703639", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703639", "title": "Debian Security Advisory DSA 3639-1 (wordpress - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3639.nasl 3798 2016-08-04 11:01:10Z antu123 $\n# Auto-generated from advisory DSA 3639-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the 
Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703639\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-8834\", \"CVE-2016-5832\", \"CVE-2016-5834\", \"CVE-2016-5835\",\n \"CVE-2016-5837\", \"CVE-2016-5838\", \"CVE-2016-5839\");\n script_name(\"Debian Security Advisory DSA 3639-1 (wordpress - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:41 +0530 (Thu, 04 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3639.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"wordpress on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 
4.1+dfsg-1+deb8u9.\n\nWe recommend that you upgrade your wordpress packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered\nin wordpress, a web blogging tool, which could allow remote attackers to compromise\na site via cross-site scripting, bypass restrictions, obtain sensitive\nrevision-history information, or mount a denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"wordpress\", ver:\"4.1+dfsg-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress-l10n\", ver:\"4.1+dfsg-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress-theme-twentyfifteen\", ver:\"4.1+dfsg-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress-theme-twentyfourteen\", ver:\"4.1+dfsg-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress-theme-twentythirteen\", ver:\"4.1+dfsg-1+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:54:20", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered\nin wordpress, a web blogging tool, which could allow remote attackers to compromise\na site via cross-site scripting, bypass restrictions, obtain sensitive\nrevision-history information, or mount a denial of service.", "modified": "2017-07-07T00:00:00", "published": "2016-08-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703639", "id": "OPENVAS:703639", "title": "Debian Security Advisory DSA 3639-1 (wordpress - security update)", 
"type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3639.nasl 3798 2016-08-04 11:01:10Z antu123 $\n# Auto-generated from advisory DSA 3639-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703639);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-8834\", \"CVE-2016-5832\", \"CVE-2016-5834\", \"CVE-2016-5835\",\n \"CVE-2016-5837\", \"CVE-2016-5838\", \"CVE-2016-5839\");\n script_name(\"Debian Security Advisory DSA 3639-1 (wordpress - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:41 +0530 (Thu, 04 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: 
\"http://www.debian.org/security/2016/dsa-3639.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"wordpress on Debian Linux\");\n script_tag(name: \"insight\", value: \"WordPress is a full featured web\nblogging tool:\n\n* Instant publishing (no rebuilding)\n* Comment pingback support with spam protection\n* Non-crufty URLs\n* Themable\n* Plugin support\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 4.1+dfsg-1+deb8u9.\n\nWe recommend that you upgrade your wordpress packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin wordpress, a web blogging tool, which could allow remote attackers to compromise\na site via cross-site scripting, bypass restrictions, obtain sensitive\nrevision-history information, or mount a denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wordpress\", ver:\"4.1+dfsg-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress-l10n\", ver:\"4.1+dfsg-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress-theme-twentyfifteen\", ver:\"4.1+dfsg-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress-theme-twentyfourteen\", ver:\"4.1+dfsg-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"wordpress-theme-twentythirteen\", ver:\"4.1+dfsg-1+deb8u9\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}