Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
{"ubuntucve": [{"lastseen": "2021-11-22T21:50:50", "description": "Cross-site scripting (XSS) vulnerability in Press This in WordPress before\n3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows\nremote attackers to inject arbitrary web script or HTML via unspecified\nvectors.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425>\n", "cvss3": {}, "published": "2014-11-25T00:00:00", "type": "ubuntucve", "title": "CVE-2014-9035", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9035"], "modified": "2014-11-25T00:00:00", "id": "UB:CVE-2014-9035", "href": "https://ubuntu.com/security/CVE-2014-9035", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "patchstack": [{"lastseen": "2022-06-01T19:47:35", "description": "Because of this vulnerability in the \"Press This\" function, the attackers can inject arbitrary web script or HTML via unspecified vectors. \r\n\r\nRelated records:\r\n\r\nhttp://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-xss\r\nhttp://db.threatpress.com/vulnerability/wordpress/wordpress-4-0-0-xss-3\n\n## Solution\n\n\r\n Update WordPress. 
\r\n ", "cvss3": {}, "published": "2014-11-20T00:00:00", "type": "patchstack", "title": "WordPress <= 4.0.0 - XSS #2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9035"], "modified": "2014-11-20T00:00:00", "id": "PATCHSTACK:BC4B1DA9E289AE7AE4E8338565AD756A", "href": "https://patchstack.com/database/vulnerability/wordpress/wordpress-4-0-0-xss-2", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T15:18:09", "description": "Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "cvss3": {}, "published": "2014-11-25T23:59:00", "type": "cve", "title": "CVE-2014-9035", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9035"], "modified": "2016-04-04T13:16:00", "cpe": ["cpe:/a:wordpress:wordpress:3.8", "cpe:/a:wordpress:wordpress:3.8.1", "cpe:/a:wordpress:wordpress:3.8.2", 
"cpe:/a:wordpress:wordpress:3.7.4", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:wordpress:wordpress:3.8.4", "cpe:/a:wordpress:wordpress:3.9.1", "cpe:/a:wordpress:wordpress:3.9.2", "cpe:/a:wordpress:wordpress:3.9", "cpe:/a:wordpress:wordpress:4.0", "cpe:/a:wordpress:wordpress:3.8.3"], "id": "CVE-2014-9035", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9035", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:3.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:3.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:3.8:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:3.9:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:3.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:4.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:37:27", "description": "Multiple security issues have been\ndiscovered in Wordpress, a web blogging tool, resulting in denial of service\nor information disclosure.\n\nJouko Pynnonen discovered an unauthenticated cross site scripting\nvulnerability (XSS) in wptexturize(), exploitable via comments or\nposts.\n\nCVE-2014-9033\nCross site request forgery (CSRF) vulnerability in the password\nchanging process, which could be used by an attacker to trick an\nuser into changing her password.\n\nCVE-2014-9034\nJavier Nieto Arevalo and Andres Rojas Guerrero reported a potential\ndenial of service in the way the phpass library is used to handle\npasswords, since no maximum password length was set.\n\nCVE-2014-9035John Blackbourn reported an XSS in the Press This function (used\nfor quick publishing using a browser 
bookmarklet).\n\nCVE-2014-9036\nRobert Chapin reported an XSS in the HTML filtering of CSS in posts.\n\nCVE-2014-9037\nDavid Anderson reported a hash comparison vulnerability for\npasswords stored using the old-style MD5 scheme. While unlikely,\nthis could be exploited to compromise an account, if the user had\nnot logged in after a Wordpress 2.5 update (uploaded to Debian on 2\nApr, 2008) and the password MD5 hash could be collided with due to\nPHP dynamic comparison.\n\nCVE-2014-9038\nBen Bidner reported a server side request forgery (SSRF) in the core\nHTTP layer which unsufficiently blocked the loopback IP address\nspace.\n\nCVE-2014-9039\nMomen Bassel, Tanoy Bose, and Bojan Slavkovic reported a\nvulnerability in the password reset process: an email address change\nwould not invalidate a previous password reset email.", "cvss3": {}, "published": "2014-12-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3085-1 (wordpress - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-9039", "CVE-2014-9035", "CVE-2014-9033", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9034", "CVE-2014-9038"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703085", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703085", "sourceData": "########################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3085.nasl 14277 2019-03-18 14:45:38Z cfischer $\n# Auto-generated from advisory DSA 3085-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; 
either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703085\");\n script_version(\"$Revision: 14277 $\");\n script_cve_id(\"CVE-2014-9031\", \"CVE-2014-9033\", \"CVE-2014-9034\", \"CVE-2014-9035\",\n \"CVE-2014-9036\", \"CVE-2014-9037\", \"CVE-2014-9038\", \"CVE-2014-9039\");\n script_name(\"Debian Security Advisory DSA 3085-1 (wordpress - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:45:38 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-03 00:00:00 +0100 (Wed, 03 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-3085.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"wordpress on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 
3.6.1+dfsg-1~deb7u5.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.0.1+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.1+dfsg-1.\n\nWe recommend that you upgrade your wordpress packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been\ndiscovered in Wordpress, a web blogging tool, resulting in denial of service\nor information disclosure.\n\nJouko Pynnonen discovered an unauthenticated cross site scripting\nvulnerability (XSS) in wptexturize(), exploitable via comments or\nposts.\n\nCVE-2014-9033\nCross site request forgery (CSRF) vulnerability in the password\nchanging process, which could be used by an attacker to trick an\nuser into changing her password.\n\nCVE-2014-9034\nJavier Nieto Arevalo and Andres Rojas Guerrero reported a potential\ndenial of service in the way the phpass library is used to handle\npasswords, since no maximum password length was set.\n\nCVE-2014-9035John Blackbourn reported an XSS in the Press This function (used\nfor quick publishing using a browser bookmarklet).\n\nCVE-2014-9036\nRobert Chapin reported an XSS in the HTML filtering of CSS in posts.\n\nCVE-2014-9037\nDavid Anderson reported a hash comparison vulnerability for\npasswords stored using the old-style MD5 scheme. 
While unlikely,\nthis could be exploited to compromise an account, if the user had\nnot logged in after a Wordpress 2.5 update (uploaded to Debian on 2\nApr, 2008) and the password MD5 hash could be collided with due to\nPHP dynamic comparison.\n\nCVE-2014-9038\nBen Bidner reported a server side request forgery (SSRF) in the core\nHTTP layer which unsufficiently blocked the loopback IP address\nspace.\n\nCVE-2014-9039\nMomen Bassel, Tanoy Bose, and Bojan Slavkovic reported a\nvulnerability in the password reset process: an email address change\nwould not invalidate a previous password reset email.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"wordpress\", ver:\"3.6.1+dfsg-1~deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wordpress-l10n\", ver:\"3.6.1+dfsg-1~deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-08-01T10:48:36", "description": "Multiple security issues have been\ndiscovered in Wordpress, a web blogging tool, resulting in denial of service\nor information disclosure. 
More information can be found in the upstream advisory\nat https://wordpress.org/news/2014/11/wordpress-4-0-1/CVE-2014-9031\nJouko Pynnonen discovered an unauthenticated cross site scripting\nvulnerability (XSS) in wptexturize(), exploitable via comments or\nposts.\n\nCVE-2014-9033\nCross site request forgery (CSRF) vulnerability in the password\nchanging process, which could be used by an attacker to trick an\nuser into changing her password.\n\nCVE-2014-9034\nJavier Nieto Arevalo and Andres Rojas Guerrero reported a potential\ndenial of service in the way the phpass library is used to handle\npasswords, since no maximum password length was set.\n\nCVE-2014-9035John Blackbourn reported an XSS in the Press This function (used\nfor quick publishing using a browser bookmarklet).\n\nCVE-2014-9036\nRobert Chapin reported an XSS in the HTML filtering of CSS in posts.\n\nCVE-2014-9037\nDavid Anderson reported a hash comparison vulnerability for\npasswords stored using the old-style MD5 scheme. 
While unlikely,\nthis could be exploited to compromise an account, if the user had\nnot logged in after a Wordpress 2.5 update (uploaded to Debian on 2\nApr, 2008) and the password MD5 hash could be collided with due to\nPHP dynamic comparison.\n\nCVE-2014-9038\nBen Bidner reported a server side request forgery (SSRF) in the core\nHTTP layer which unsufficiently blocked the loopback IP address\nspace.\n\nCVE-2014-9039\nMomen Bassel, Tanoy Bose, and Bojan Slavkovic reported a\nvulnerability in the password reset process: an email address change\nwould not invalidate a previous password reset email.", "cvss3": {}, "published": "2014-12-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3085-1 (wordpress - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-9039", "CVE-2014-9035", "CVE-2014-9033", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9034", "CVE-2014-9038"], "modified": "2017-07-17T00:00:00", "id": "OPENVAS:703085", "href": "http://plugins.openvas.org/nasl.php?oid=703085", "sourceData": "########################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3085.nasl 6735 2017-07-17 09:56:49Z teissa $\n# Auto-generated from advisory DSA 3085-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#############################################################################\n\nif(description)\n{\n script_id(703085);\n script_version(\"$Revision: 6735 $\");\n script_cve_id(\"CVE-2014-9031\", \"CVE-2014-9033\", \"CVE-2014-9034\", \"CVE-2014-9035\",\n \"CVE-2014-9036\", \"CVE-2014-9037\", \"CVE-2014-9038\", \"CVE-2014-9039\");\n script_name(\"Debian Security Advisory DSA 3085-1 (wordpress - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-17 11:56:49 +0200 (Mon, 17 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-03 00:00:00 +0100 (Wed, 03 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3085.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"wordpress on Debian Linux\");\n script_tag(name: \"insight\", value: \"WordPress is a full featured web blogging tool:\n\n* Instant publishing (no rebuilding)\n* Comment pingback support with spam protection\n* Non-crufty URLs\n* Themable\n* Plugin support\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 3.6.1+dfsg-1~deb7u5.\n\nFor the upcoming stable distribution (jessie), 
these problems have been\nfixed in version 4.0.1+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.1+dfsg-1.\n\nWe recommend that you upgrade your wordpress packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been\ndiscovered in Wordpress, a web blogging tool, resulting in denial of service\nor information disclosure. More information can be found in the upstream advisory\nat https://wordpress.org/news/2014/11/wordpress-4-0-1/CVE-2014-9031\nJouko Pynnonen discovered an unauthenticated cross site scripting\nvulnerability (XSS) in wptexturize(), exploitable via comments or\nposts.\n\nCVE-2014-9033\nCross site request forgery (CSRF) vulnerability in the password\nchanging process, which could be used by an attacker to trick an\nuser into changing her password.\n\nCVE-2014-9034\nJavier Nieto Arevalo and Andres Rojas Guerrero reported a potential\ndenial of service in the way the phpass library is used to handle\npasswords, since no maximum password length was set.\n\nCVE-2014-9035John Blackbourn reported an XSS in the Press This function (used\nfor quick publishing using a browser bookmarklet).\n\nCVE-2014-9036\nRobert Chapin reported an XSS in the HTML filtering of CSS in posts.\n\nCVE-2014-9037\nDavid Anderson reported a hash comparison vulnerability for\npasswords stored using the old-style MD5 scheme. 
While unlikely,\nthis could be exploited to compromise an account, if the user had\nnot logged in after a Wordpress 2.5 update (uploaded to Debian on 2\nApr, 2008) and the password MD5 hash could be collided with due to\nPHP dynamic comparison.\n\nCVE-2014-9038\nBen Bidner reported a server side request forgery (SSRF) in the core\nHTTP layer which unsufficiently blocked the loopback IP address\nspace.\n\nCVE-2014-9039\nMomen Bassel, Tanoy Bose, and Bojan Slavkovic reported a\nvulnerability in the password reset process: an email address change\nwould not invalidate a previous password reset email.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wordpress\", ver:\"3.6.1+dfsg-1~deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wordpress-l10n\", ver:\"3.6.1+dfsg-1~deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-01-05T00:00:00", "type": "openvas", "title": "Fedora Update for wordpress FEDORA-2014-15560", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-9039", "CVE-2014-9035", "CVE-2014-9033", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9034", "CVE-2014-9032", "CVE-2014-9038"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868799", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868799", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2014-15560\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868799\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:53:32 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-9031\", \"CVE-2014-9032\", \"CVE-2014-9033\", \"CVE-2014-9034\",\n \"CVE-2014-9035\", \"CVE-2014-9036\", \"CVE-2014-9037\", \"CVE-2014-9038\",\n \"CVE-2014-9039\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for wordpress FEDORA-2014-15560\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wordpress'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target 
host.\");\n script_tag(name:\"affected\", value:\"wordpress on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-15560\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145372.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~4.0.1~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:10", "description": "Check the version of wordpress", "cvss3": {}, "published": "2014-12-03T00:00:00", "type": "openvas", "title": "Fedora Update for wordpress FEDORA-2014-15507", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-9039", "CVE-2014-9035", "CVE-2014-9033", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9034", "CVE-2014-9032", "CVE-2014-0166", "CVE-2014-9038", "CVE-2014-0165"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868542", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868542", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2014-15507\n#\n# Authors:\n# 
System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868542\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-03 06:36:41 +0100 (Wed, 03 Dec 2014)\");\n script_cve_id(\"CVE-2014-0165\", \"CVE-2014-0166\", \"CVE-2014-9031\", \"CVE-2014-9032\",\n \"CVE-2014-9033\", \"CVE-2014-9034\", \"CVE-2014-9035\", \"CVE-2014-9036\",\n \"CVE-2014-9037\", \"CVE-2014-9038\", \"CVE-2014-9039\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for wordpress FEDORA-2014-15507\");\n script_tag(name:\"summary\", value:\"Check the version of wordpress\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"wordpress on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-15507\");\n 
script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145127.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~4.0.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:23", "description": "Check the version of wordpress", "cvss3": {}, "published": "2014-12-03T00:00:00", "type": "openvas", "title": "Fedora Update for wordpress FEDORA-2014-15526", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-9039", "CVE-2013-2173", "CVE-2013-4339", "CVE-2013-2201", "CVE-2013-2199", "CVE-2014-9035", "CVE-2014-9033", "CVE-2014-9036", "CVE-2013-4340", "CVE-2014-9037", "CVE-2013-2203", "CVE-2014-9034", "CVE-2014-9032", "CVE-2014-0166", "CVE-2014-9038", "CVE-2013-2202", "CVE-2013-4338", "CVE-2013-2200", "CVE-2014-0165", "CVE-2013-2204"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868539", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868539", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2014-15526\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# 
Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868539\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-03 06:34:33 +0100 (Wed, 03 Dec 2014)\");\n script_cve_id(\"CVE-2014-0165\", \"CVE-2014-0166\", \"CVE-2013-4338\", \"CVE-2013-4339\",\n \"CVE-2013-4340\", \"CVE-2013-2173\", \"CVE-2013-2199\", \"CVE-2013-2200\",\n \"CVE-2013-2201\", \"CVE-2013-2202\", \"CVE-2013-2203\", \"CVE-2013-2204\",\n \"CVE-2014-9031\", \"CVE-2014-9032\", \"CVE-2014-9033\", \"CVE-2014-9034\",\n \"CVE-2014-9035\", \"CVE-2014-9036\", \"CVE-2014-9037\", \"CVE-2014-9038\",\n \"CVE-2014-9039\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for wordpress FEDORA-2014-15526\");\n script_tag(name:\"summary\", value:\"Check the version of wordpress\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"wordpress on Fedora 
19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-15526\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145140.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~4.0.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. 
Important information in /usr/share/doc/wordpress/README.fedora ", "cvss3": {}, "published": "2014-12-06T10:12:34", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: wordpress-4.0.1-1.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9031", "CVE-2014-9032", "CVE-2014-9033", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039"], "modified": "2014-12-06T10:12:34", "id": "FEDORA:6C97D60DF390", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6YPKGEMMGSGMTZ6D2QNKVZCHYZOGMIOD/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. 
Important information in /usr/share/doc/wordpress/README.fedora ", "cvss3": {}, "published": "2014-12-03T01:03:45", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: wordpress-4.0.1-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0165", "CVE-2014-0166", "CVE-2014-9031", "CVE-2014-9032", "CVE-2014-9033", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039"], "modified": "2014-12-03T01:03:45", "id": "FEDORA:A3C116087980", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CQQHADRASLJDFCXLYRIB3CERL2YKKRZO/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. 
Important information in /usr/share/doc/wordpress-4.0.1/README.fedora ", "cvss3": {}, "published": "2014-12-03T01:05:40", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: wordpress-4.0.1-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2173", "CVE-2013-2199", "CVE-2013-2200", "CVE-2013-2201", "CVE-2013-2202", "CVE-2013-2203", "CVE-2013-2204", "CVE-2013-4338", "CVE-2013-4339", "CVE-2013-4340", "CVE-2014-0165", "CVE-2014-0166", "CVE-2014-9031", "CVE-2014-9032", "CVE-2014-9033", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039"], "modified": "2014-12-03T01:05:40", "id": "FEDORA:8160260CC88B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7MIXHKOGNUZATGUBFUCJVDAZFTQHF3ZK/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-21T23:01:05", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3085-1 security@debian.org\nhttp://www.debian.org/security/ Yves-Alexis Perez\nDecember 03, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wordpress\nCVE ID : CVE-2014-9031 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 \n CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039\nDebian Bug : 770425\n\nMultiple security issues have been discovered in Wordpress, a web\nblogging tool, resulting in denial of service or 
information disclosure.\nMore information can be found in the upstream advisory at\nhttps://wordpress.org/news/2014/11/wordpress-4-0-1/\n\nCVE-2014-9031\n\n Jouko Pynnonen discovered an unauthenticated cross site scripting\n vulnerability (XSS) in wptexturize(), exploitable via comments or\n posts.\n\nCVE-2014-9033\n\n Cross site request forgery (CSRF) vulnerability in the password\n changing process, which could be used by an attacker to trick a\n user into changing her password.\n\nCVE-2014-9034\n\n Javier Nieto Arevalo and Andres Rojas Guerrero reported a potential\n denial of service in the way the phpass library is used to handle\n passwords, since no maximum password length was set.\n\nCVE-2014-9035\n\n John Blackbourn reported an XSS in the "Press This" function (used\n for quick publishing using a browser "bookmarklet").\n\nCVE-2014-9036\n\n Robert Chapin reported an XSS in the HTML filtering of CSS in posts.\n\nCVE-2014-9037\n\n David Anderson reported a hash comparison vulnerability for\n passwords stored using the old-style MD5 scheme. 
While unlikely,\n this could be exploited to compromise an account, if the user had\n not logged in after a Wordpress 2.5 update (uploaded to Debian on 2\n Apr, 2008) and the password MD5 hash could be collided with due to\n PHP dynamic comparison.\n\nCVE-2014-9038\n\n Ben Bidner reported a server side request forgery (SSRF) in the core\n HTTP layer which insufficiently blocked the loopback IP address\n space.\n\nCVE-2014-9039\n\n Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a\n vulnerability in the password reset process: an email address change\n would not invalidate a previous password reset email.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 3.6.1+dfsg-1~deb7u5.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.0.1+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.1+dfsg-1.\n\nWe recommend that you upgrade your wordpress packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-12-03T08:38:56", "type": "debian", "title": "[SECURITY] [DSA 3085-1] wordpress security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9031", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", 
"CVE-2014-9039"], "modified": "2014-12-03T08:38:56", "id": "DEBIAN:DSA-3085-1:048BF", "href": "https://lists.debian.org/debian-security-announce/2014/msg00275.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-30T03:34:03", "description": "Package : wordpress\nVersion : 3.6.1+dfsg-1~deb6u6\nCVE ID : CVE-2014-9031 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 \n CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 CVE-2015-3438 CVE-2015-3439 CVE-2015-3440\nDebian Bug : #783347 #783554 #770425\n\nIn the Debian squeeze-lts version of Wordpress, multiple security issues\nhave been fixed: \n\n Remote attackers could...\n * ... upload files with invalid or unsafe names\n * ... mount social engineering attacks\n * ... compromise a site via cross-site scripting\n * ... inject SQL commands\n * ... cause denial of service or information disclosure\n\nCVE-2014-9031\n\n Jouko Pynnonen discovered an unauthenticated cross site scripting\n vulnerability (XSS) in wptexturize(), exploitable via comments or\n posts.\n\nCVE-2014-9033\n\n Cross site request forgery (CSRF) vulnerability in the password\n changing process, which could be used by an attacker to trick a user\n into changing her password.\n\nCVE-2014-9034\n\n Javier Nieto Arevalo and Andres Rojas Guerrero reported a potential\n denial of service in the way the phpass library is used to handle\n passwords, since no maximum password length was set.\n\nCVE-2014-9035\n\n John Blackbourn reported an XSS in the "Press This" function (used\n for quick publishing using a browser "bookmarklet").\n\nCVE-2014-9036\n\n Robert Chapin reported an XSS in the HTML filtering of CSS in posts.\n\nCVE-2014-9037\n\n David Anderson reported a hash comparison vulnerability for passwords\n stored using the old-style MD5 scheme. 
While unlikely, this could be\n exploited to compromise an account, if the user had not logged in\n after a Wordpress 2.5 update (uploaded to Debian on 2 Apr, 2008) and\n the password MD5 hash could be collided with due to PHP dynamic\n comparison.\n\nCVE-2014-9038\n\n Ben Bidner reported a server side request forgery (SSRF) in the core\n HTTP layer which insufficiently blocked the loopback IP address\n space.\n\nCVE-2014-9039\n\n Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a\n vulnerability in the password reset process: an email address change\n would not invalidate a previous password reset email.\n\nCVE-2015-3438\n\n Cedric Van Bockhaven reported and Gary Pendergast, Mike Adams, and Andrew Nacin of the\n WordPress security team fixed a cross-site-scripting vulnerability, which could enable anonymous users\n to compromise a site. \n\nCVE-2015-3439\n\n Jakub Zoczek discovered a very limited cross-site scripting\n vulnerability, that could be used as part of a social engineering\n attack.\n\nCVE-2015-3440\n\n Jouko Pynn\u00f6nen discovered a cross-site scripting vulnerability,\n which could enable commenters to compromise a site.\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {}, "published": "2015-06-01T12:11:28", "type": "debian", "title": "[SECURITY] [DLA 236-1] wordpress security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9031", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039", "CVE-2015-3438", "CVE-2015-3439", "CVE-2015-3440"], "modified": "2015-06-01T12:11:28", "id": "DEBIAN:DLA-236-1:57EB8", "href": "https://lists.debian.org/debian-lts-announce/2015/06/msg00000.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-23T22:27:36", "description": "Package : wordpress\nVersion : 3.6.1+dfsg-1~deb6u6\nCVE ID : CVE-2014-9031 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 \n CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 CVE-2015-3438 CVE-2015-3439 CVE-2015-3440\nDebian Bug : #783347 #783554 #770425\n\nIn the Debian squeeze-lts version of Wordpress, multiple security issues\nhave been fixed: \n\n Remote attackers could...\n * ... upload files with invalid or unsafe names\n * ... mount social engineering attacks\n * ... compromise a site via cross-site scripting\n * ... inject SQL commands\n * ... 
cause denial of service or information disclosure\n\nCVE-2014-9031\n\n Jouko Pynnonen discovered an unauthenticated cross site scripting\n vulnerability (XSS) in wptexturize(), exploitable via comments or\n posts.\n\nCVE-2014-9033\n\n Cross site request forgery (CSRF) vulnerability in the password\n changing process, which could be used by an attacker to trick a user\n into changing her password.\n\nCVE-2014-9034\n\n Javier Nieto Arevalo and Andres Rojas Guerrero reported a potential\n denial of service in the way the phpass library is used to handle\n passwords, since no maximum password length was set.\n\nCVE-2014-9035\n\n John Blackbourn reported an XSS in the "Press This" function (used\n for quick publishing using a browser "bookmarklet").\n\nCVE-2014-9036\n\n Robert Chapin reported an XSS in the HTML filtering of CSS in posts.\n\nCVE-2014-9037\n\n David Anderson reported a hash comparison vulnerability for passwords\n stored using the old-style MD5 scheme. While unlikely, this could be\n exploited to compromise an account, if the user had not logged in\n after a Wordpress 2.5 update (uploaded to Debian on 2 Apr, 2008) and\n the password MD5 hash could be collided with due to PHP dynamic\n comparison.\n\nCVE-2014-9038\n\n Ben Bidner reported a server side request forgery (SSRF) in the core\n HTTP layer which insufficiently blocked the loopback IP address\n space.\n\nCVE-2014-9039\n\n Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a\n vulnerability in the password reset process: an email address change\n would not invalidate a previous password reset email.\n\nCVE-2015-3438\n\n Cedric Van Bockhaven reported and Gary Pendergast, Mike Adams, and Andrew Nacin of the\n WordPress security team fixed a cross-site-scripting vulnerability, which could enable anonymous users\n to compromise a site. 
\n\nCVE-2015-3439\n\n Jakub Zoczek discovered a very limited cross-site scripting\n vulnerability, that could be used as part of a social engineering\n attack.\n\nCVE-2015-3440\n\n Jouko Pynn\u00f6nen discovered a cross-site scripting vulnerability,\n which could enable commenters to compromise a site.\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {}, "published": "2015-06-01T12:11:28", "type": "debian", "title": "[SECURITY] [DLA 236-1] wordpress security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9031", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039", "CVE-2015-3438", "CVE-2015-3439", "CVE-2015-3440"], "modified": "2015-06-01T12:11:28", "id": "DEBIAN:DLA-236-1:5BEAE", "href": "https://lists.debian.org/debian-lts-announce/2015/06/msg00000.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nMITRE reports:\n\nwp-login.php in WordPress before 3.7.5, 3.8.x before\n\t 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow\n\t remote attackers to reset passwords by leveraging access to\n\t an e-mail account that received a password-reset message.\n\n\nwp-includes/http.php in WordPress before 
3.7.5, 3.8.x\n\t before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1\n\t allows remote attackers to conduct server-side request\n\t forgery (SSRF) attacks by referring to a 127.0.0.0/8\n\t resource.\n\n\nWordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before\n\t 3.9.3, and 4.x before 4.0.1 might allow remote attackers to\n\t obtain access to an account idle since 2008 by leveraging an\n\t improper PHP dynamic type comparison for an MD5 hash.\n\n\nCross-site scripting (XSS) vulnerability in WordPress\n\t before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and\n\t 4.x before 4.0.1 allows remote attackers to inject arbitrary\n\t web script or HTML via a crafted Cascading Style Sheets\n\t (CSS) token sequence in a post.\n\n\nCross-site scripting (XSS) vulnerability in Press This in\n\t WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before\n\t 3.9.3, and 4.x before 4.0.1 allows remote attackers to\n\t inject arbitrary web script or HTML via unspecified\n\t vectors\n\n\nwp-includes/class-phpass.php in WordPress before 3.7.5,\n\t 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1\n\t allows remote attackers to cause a denial of service (CPU\n\t consumption) via a long password that is improperly handled\n\t during hashing, a similar issue to CVE-2014-9016.\n\n\nCross-site request forgery (CSRF) vulnerability in\n\t wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0\n\t allows remote attackers to hijack the authentication of\n\t arbitrary users for requests that reset passwords.\n\n\n", "cvss3": {}, "published": "2014-11-25T00:00:00", "type": "freebsd", "title": "wordpress -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9016", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039"], "modified": "2014-11-25T00:00:00", "id": "5E135178-8AEB-11E4-801F-0022156E8794", "href": "https://vuxml.freebsd.org/freebsd/5e135178-8aeb-11e4-801f-0022156e8794.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:47:49", "description": "Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at\n\n - CVE-2014-9031 Jouko Pynnonen discovered an unauthenticated cross site scripting vulnerability (XSS) in wptexturize(), exploitable via comments or posts.\n\n - CVE-2014-9033 Cross site request forgery (CSRF) vulnerability in the password changing process, which could be used by an attacker to trick a user into changing her password.\n\n - CVE-2014-9034 Javier Nieto Arevalo and Andres Rojas Guerrero reported a potential denial of service in the way the phpass library is used to handle passwords, since no maximum password length was set.\n\n - CVE-2014-9035 John Blackbourn reported an XSS in the 'Press This' function (used for quick publishing using a browser 'bookmarklet').\n\n - CVE-2014-9036 Robert Chapin reported an XSS in the HTML filtering of CSS in posts.\n\n - CVE-2014-9037 David Anderson reported a hash comparison vulnerability for passwords stored using the old-style MD5 scheme.\n While unlikely, this could be exploited to compromise an account, if the user had not logged in after a Wordpress 2.5 update (uploaded to Debian on 2 Apr, 2008) and the password MD5 hash could be collided with due to PHP dynamic comparison.\n\n - CVE-2014-9038 Ben Bidner reported a server side 
request forgery (SSRF) in the core HTTP layer which insufficiently blocked the loopback IP address space.\n\n - CVE-2014-9039 Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a vulnerability in the password reset process: an email address change would not invalidate a previous password reset email.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-04T00:00:00", "type": "nessus", "title": "Debian DSA-3085-1 : wordpress - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wordpress", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3085.NASL", "href": "https://www.tenable.com/plugins/nessus/79696", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3085. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79696);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9031\", \"CVE-2014-9033\", \"CVE-2014-9034\", \"CVE-2014-9035\", \"CVE-2014-9036\", \"CVE-2014-9037\", \"CVE-2014-9038\", \"CVE-2014-9039\");\n script_bugtraq_id(71231, 71232, 71233, 71234, 71236, 71237, 71238);\n script_xref(name:\"DSA\", value:\"3085\");\n\n script_name(english:\"Debian DSA-3085-1 : wordpress - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been discovered in Wordpress, a web\nblogging tool, resulting in denial of service or information\ndisclosure. 
More information can be found in the upstream advisory at\n\n - CVE-2014-9031\n Jouko Pynnonen discovered an unauthenticated cross site\n scripting vulnerability (XSS) in wptexturize(),\n exploitable via comments or posts.\n\n - CVE-2014-9033\n Cross site request forgery (CSRF) vulnerability in the\n password changing process, which could be used by an\n attacker to trick an user into changing her password.\n\n - CVE-2014-9034\n Javier Nieto Arevalo and Andres Rojas Guerrero reported\n a potential denial of service in the way the phpass\n library is used to handle passwords, since no maximum\n password length was set.\n\n - CVE-2014-9035\n John Blackbourn reported an XSS in the 'Press This'\n function (used for quick publishing using a browser\n 'bookmarklet').\n\n - CVE-2014-9036\n Robert Chapin reported an XSS in the HTML filtering of\n CSS in posts.\n\n - CVE-2014-9037\n David Anderson reported a hash comparison vulnerability\n for passwords stored using the old-style MD5 scheme.\n While unlikely, this could be exploited to compromise an\n account, if the user had not logged in after a Wordpress\n 2.5 update (uploaded to Debian on 2 Apr, 2008) and the\n password MD5 hash could be collided with due to PHP\n dynamic comparison.\n\n - CVE-2014-9038\n Ben Bidner reported a server side request forgery (SSRF)\n in the core HTTP layer which unsufficiently blocked the\n loopback IP address space.\n\n - CVE-2014-9039\n Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a\n vulnerability in the password reset process: an email\n address change would not invalidate a previous password\n reset email.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2014-9033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/wordpress\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3085\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wordpress packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.6.1+dfsg-1~deb7u5.\n\nFor the upcoming stable distribution (jessie), these problems have\nbeen fixed in version 4.0.1+dfsg-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"wordpress\", reference:\"3.6.1+dfsg-1~deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wordpress-l10n\", reference:\"3.6.1+dfsg-1~deb7u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:50:40", "description": "MITRE reports :\n\nwp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.\n\nwp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.\n\nWordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by 
leveraging an improper PHP dynamic type comparison for an MD5 hash.\n\nCross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.\n\nCross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors\n\nwp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.\n\nCross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-05T00:00:00", "type": "nessus", "title": "FreeBSD : wordpress -- multiple vulnerabilities (5e135178-8aeb-11e4-801f-0022156e8794)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9016", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:de-wordpress", "p-cpe:/a:freebsd:freebsd:ja-wordpress", "p-cpe:/a:freebsd:freebsd:ru-wordpress", "p-cpe:/a:freebsd:freebsd:wordpress", "p-cpe:/a:freebsd:freebsd:zh-wordpress", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_5E1351788AEB11E4801F0022156E8794.NASL", "href": "https://www.tenable.com/plugins/nessus/80350", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# 
extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80350);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9033\", \"CVE-2014-9034\", \"CVE-2014-9035\", \"CVE-2014-9036\", \"CVE-2014-9037\", \"CVE-2014-9038\", \"CVE-2014-9039\");\n\n script_name(english:\"FreeBSD : wordpress -- multiple vulnerabilities (5e135178-8aeb-11e4-801f-0022156e8794)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MITRE reports :\n\nwp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x\nbefore 3.9.3, and 4.x before 4.0.1 might allow remote attackers to\nreset passwords by leveraging access to an e-mail account that\nreceived a password-reset message.\n\nwp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5,\n3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to\nconduct server-side request forgery (SSRF) attacks by referring to a\n127.0.0.0/8 resource.\n\nWordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and\n4.x before 4.0.1 might allow remote attackers to obtain access to an\naccount idle since 2008 by leveraging an improper PHP 
dynamic type\ncomparison for an MD5 hash.\n\nCross-site scripting (XSS) vulnerability in WordPress before 3.7.5,\n3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows\nremote attackers to inject arbitrary web script or HTML via a crafted\nCascading Style Sheets (CSS) token sequence in a post.\n\nCross-site scripting (XSS) vulnerability in Press This in WordPress\nbefore 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before\n4.0.1 allows remote attackers to inject arbitrary web script or HTML\nvia unspecified vectors.\n\nwp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before\n3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote\nattackers to cause a denial of service (CPU consumption) via a long\npassword that is improperly handled during hashing, a similar issue to\nCVE-2014-9016.\n\nCross-site request forgery (CSRF) vulnerability in wp-login.php in\nWordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to\nhijack the authentication of arbitrary users for requests that reset\npasswords.\"\n );\n # https://vuxml.freebsd.org/freebsd/5e135178-8aeb-11e4-801f-0022156e8794.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce00fb34\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:de-wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zh-wordpress\");\n script_set_attribute(attribute:\"cpe\",
value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"wordpress<3.7.5,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"wordpress>=3.8,1<3.8.5,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"wordpress>=3.9,1<3.9.3,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"wordpress>=4.0,1<4.0.1,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-wordpress<3.7.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-wordpress>=3.8<3.8.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-wordpress>=3.9<3.9.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-wordpress>=4.0<4.0.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-wordpress<3.7.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-wordpress>=3.8<3.8.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-wordpress>=3.9<3.9.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-wordpress>=4.0<4.0.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-wordpress<3.7.5\")) flag++;\nif 
(pkg_test(save_report:TRUE, pkg:\"ja-wordpress>=3.8<3.8.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-wordpress>=3.9<3.9.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-wordpress>=4.0<4.0.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-wordpress<3.7.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-wordpress>=3.8<3.8.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-wordpress>=3.9<3.9.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-wordpress>=4.0<4.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:47:29", "description": "WordPress 4.0.1 Security Release\n\nSee: https://wordpress.org/news/2014/11/wordpress-4-0-1/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-07T00:00:00", "type": "nessus", "title": "Fedora 21 : wordpress-4.0.1-1.fc21 (2014-15560)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-9032", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wordpress", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-15560.NASL", "href": "https://www.tenable.com/plugins/nessus/79774", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-15560.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79774);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9031\", \"CVE-2014-9032\", \"CVE-2014-9033\", \"CVE-2014-9034\", \"CVE-2014-9035\", \"CVE-2014-9036\", \"CVE-2014-9037\", \"CVE-2014-9038\", \"CVE-2014-9039\");\n script_bugtraq_id(71231, 71232, 71233, 71234, 71236, 71237, 71238);\n script_xref(name:\"FEDORA\", value:\"2014-15560\");\n\n script_name(english:\"Fedora 21 : wordpress-4.0.1-1.fc21 (2014-15560)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"WordPress 4.0.1 Security Release\n\nSee: https://wordpress.org/news/2014/11/wordpress-4-0-1/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1166468\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145372.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dae6b623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wordpress.org/news/2014/11/wordpress-4-0-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"wordpress-4.0.1-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:46:21", "description": "Versions of WordPress 3.7 prior to 3.7.5, 3.8.x prior to 3.8.5, 3.9.x prior to 3.9.3, and 4.x prior to 4.0.1 are susceptible to the following vulnerabilities : \n\n - Three cross-site scripting issues that a contributor or author could use to compromise a site. 
(CVE-2014-9032, CVE-2014-9035, CVE-2014-9036)\n\n - A cross-site request forgery that could be used to trick a user into changing their password. (CVE-2014-9039)\n\n - An issue that could lead to a denial of service when passwords are checked. (CVE-2014-9034)\n\n - Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. (CVE-2014-9033)\n\n - An extremely unlikely hash collision could allow a user's account to be compromised, that also required that they haven't logged in since 2008. (CVE-2014-9037)\n\n - WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. (CVE-2014-9039)\n\n - WordPress versions 3.9.2 and earlier are affected by a cross-site scripting vulnerability which could enable an anonymous user to compromise the site. (CVE-2014-9031)", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2015-03-12T00:00:00", "type": "nessus", "title": "WordPress 3.7 < 3.7.5 / 3.8 < 3.8.5 / 3.9 < 3.9.3 / 4.x < 4.0.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9038", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9032", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9031", "CVE-2014-9037", "CVE-2014-9039"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "8584.PRM", "href": "https://www.tenable.com/plugins/nnm/8584", "sourceData": "Binary data 8584.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:47:56", "description": "According to its version number, the WordPress application installed on the remote web server is affected by multiple vulnerabilities :\n\n - Multiple unspecified errors exist that could allow cross-site scripting attacks.\n\n - An unspecified error exists that could allow cross-site request forgery attacks.\n\n - An error exists related to
password handling that could allow denial of service attacks.\n\n - An unspecified error exists that could allow server-side request forgery attacks.\n\n - A hash collision error exists that could allow a user account to be compromised.\n\n - An error exists related to password reset processing that could allow a user account to be compromised.\n\n - An error exists related to the post or page comment field that could allow persistent cross-site scripting attacks.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-25T00:00:00", "type": "nessus", "title": "WordPress < 3.7.5 / 3.8.5 / 3.9.3 / 4.0.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-9032", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:wordpress:wordpress"], "id": "WORDPRESS_4_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/79437", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79437);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2014-9031\",\n \"CVE-2014-9032\",\n \"CVE-2014-9033\",\n \"CVE-2014-9034\",\n \"CVE-2014-9035\",\n \"CVE-2014-9036\",\n \"CVE-2014-9037\",\n \"CVE-2014-9038\",\n \"CVE-2014-9039\"\n );\n script_bugtraq_id(\n 71231,\n 71232,\n 71233,\n 71234,\n 71236,\n 71237,\n 71238\n );\n script_xref(name:\"EDB-ID\", value:\"35413\");\n script_xref(name:\"EDB-ID\", value:\"35414\");\n\n script_name(english:\"WordPress < 3.7.5 / 3.8.5 / 3.9.3 / 4.0.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of 
WordPress.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the WordPress application installed\non the remote web server is affected by multiple vulnerabilities :\n\n - Multiple unspecified errors exist that could allow\n cross-site scripting attacks.\n\n - An unspecified error exists that could allow cross-site\n request forgery attacks.\n\n - An error exists related to password handling that could\n allow denial of service attacks.\n\n - An unspecified error exists that could allow server-side\n request forgery attacks.\n\n - A hash collision error exists that could allow a user\n account to be compromised.\n\n - An error exists related to password reset processing\n that could allow a user account to be compromised.\n\n - An error exists related to the post or page comment\n field that could allow persistent cross-site scripting\n attacks.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/news/2014/11/wordpress-4-0-1/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_3.7.5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_3.8.5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_3.9.3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_4.0.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WordPress 3.7.5 / 3.8.5 / 3.9.3 / 4.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/25\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/WordPress\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nversion = install['version'];\ninstall_url = build_url(port:port, qs:dir);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = split(version, sep:\".\", keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Versions less than 3.7.5 / 3.8.5 / 3.9.3 / 4.0.1 are vulnerable\n# https://wordpress.org/download/release-archive/\nif (\n # Short versions\n version == \"3.7\" 
|| version == \"3.8\" ||\n version == \"3.9\" || version == \"4.0\" ||\n # Longer versions\n (ver[0] < 3) ||\n (ver[0] == 3 && ver[1] < 7) ||\n (ver[0] == 3 && ver[1] == 7 && ver[2] < 5) ||\n (ver[0] == 3 && ver[1] == 8 && ver[2] < 5) ||\n (ver[0] == 3 && ver[1] == 9 && ver[2] < 3) ||\n (ver[0] == 4 && ver[1] == 0 && ver[2] < 1) ||\n # Short beta / RC versions\n version =~ \"^(3\\.[789]|4\\.0)-(beta|RC)\\d($|[^0-9])\" ||\n # Longer beta / RC versions\n version =~ \"^(3\\.7\\.5|3\\.8\\.5|3\\.9\\.3|4\\.0\\.1)-(beta|RC)\\d($|[^0-9])\"\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_url+\n '\\n Installed version : ' +version+\n '\\n Fixed version : 3.7.5 / 3.8.5 / 3.9.3 / 4.0.1' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:48:02", "description": "Updated wordpress package fixes security vulnerabilities :\n\nXSS in wptexturize() via comments or posts, exploitable for unauthenticated users (CVE-2014-9031).\n\nXSS in media playlists (CVE-2014-9032).\n\nCSRF in the password reset process (CVE-2014-9033).\n\nDenial of service for giant passwords. 
The phpass library by Solar Designer was used in both projects without setting a maximum password length, which can lead to CPU exhaustion upon hashing (CVE-2014-9034).\n\nXSS in Press This (CVE-2014-9035).\n\nXSS in HTML filtering of CSS in posts (CVE-2014-9036).\n\nHash comparison vulnerability in old-style MD5-stored passwords (CVE-2014-9037).\n\nSSRF: Safe HTTP requests did not sufficiently block the loopback IP address space (CVE-2014-9038).\n\nPreviously an email address change would not invalidate a previous password reset email (CVE-2014-9039).", "cvss3": {"score": null, "vector": null}, "published": "2014-11-28T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : wordpress (MDVSA-2014:233)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-9032", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:wordpress", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-233.NASL", "href": "https://www.tenable.com/plugins/nessus/79613", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:233. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79613);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9031\", \"CVE-2014-9032\", \"CVE-2014-9033\", \"CVE-2014-9034\", \"CVE-2014-9035\", \"CVE-2014-9036\", \"CVE-2014-9037\", \"CVE-2014-9038\", \"CVE-2014-9039\");\n script_bugtraq_id(71231, 71232, 71233, 71234, 71236, 71237, 71238);\n script_xref(name:\"MDVSA\", value:\"2014:233\");\n\n script_name(english:\"Mandriva Linux Security Advisory : wordpress (MDVSA-2014:233)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated wordpress package fixes security vulnerabilities :\n\nXSS in wptexturize() via comments or posts, exploitable for\nunauthenticated users (CVE-2014-9031).\n\nXSS in media playlists (CVE-2014-9032).\n\nCSRF in the password reset process (CVE-2014-9033).\n\nDenial of service for giant passwords. 
The phpass library by Solar\nDesigner was used in both projects without setting a maximum password\nlength, which can lead to CPU exhaustion upon hashing (CVE-2014-9034).\n\nXSS in Press This (CVE-2014-9035).\n\nXSS in HTML filtering of CSS in posts (CVE-2014-9036).\n\nHash comparison vulnerability in old-style MD5-stored passwords\n(CVE-2014-9037).\n\nSSRF: Safe HTTP requests did not sufficiently block the loopback IP\naddress space (CVE-2014-9038).\n\nPreviously an email address change would not invalidate a previous\npassword reset email (CVE-2014-9039).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0493.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"wordpress-3.9.3-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:47:58", "description": "WordPress 4.0.1 Security Release\n\nSee: https://wordpress.org/news/2014/11/wordpress-4-0-1/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-03T00:00:00", "type": "nessus", "title": "Fedora 20 : wordpress-4.0.1-1.fc20 (2014-15507)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-9032", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wordpress", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-15507.NASL", "href": "https://www.tenable.com/plugins/nessus/79674", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-15507.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79674);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9031\", \"CVE-2014-9032\", \"CVE-2014-9033\", \"CVE-2014-9034\", \"CVE-2014-9035\", \"CVE-2014-9036\", \"CVE-2014-9037\", \"CVE-2014-9038\", \"CVE-2014-9039\");\n script_bugtraq_id(71231, 71232, 71233, 71234, 71236, 71237, 71238);\n script_xref(name:\"FEDORA\", value:\"2014-15507\");\n\n script_name(english:\"Fedora 20 : wordpress-4.0.1-1.fc20 (2014-15507)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"WordPress 4.0.1 Security Release\n\nSee: https://wordpress.org/news/2014/11/wordpress-4-0-1/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1166468\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145127.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88442d84\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wordpress.org/news/2014/11/wordpress-4-0-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"wordpress-4.0.1-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:48:02", "description": "WordPress 4.0.1 Security Release\n\nSee: https://wordpress.org/news/2014/11/wordpress-4-0-1/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-03T00:00:00", "type": "nessus", "title": "Fedora 19 : wordpress-4.0.1-1.fc19 (2014-15526)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-9032", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wordpress", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-15526.NASL", "href": "https://www.tenable.com/plugins/nessus/79678", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-15526.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79678);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9031\", \"CVE-2014-9032\", \"CVE-2014-9033\", \"CVE-2014-9034\", \"CVE-2014-9035\", \"CVE-2014-9036\", \"CVE-2014-9037\", \"CVE-2014-9038\", \"CVE-2014-9039\");\n script_bugtraq_id(71231, 71232, 71233, 71234, 71236, 71237, 71238);\n script_xref(name:\"FEDORA\", value:\"2014-15526\");\n\n script_name(english:\"Fedora 19 : wordpress-4.0.1-1.fc19 (2014-15526)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"WordPress 4.0.1 Security Release\n\nSee: https://wordpress.org/news/2014/11/wordpress-4-0-1/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1166468\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145140.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bbfad2b2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wordpress.org/news/2014/11/wordpress-4-0-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"wordpress-4.0.1-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:45:55", "description": "In the Debian squeeze-lts version of Wordpress, multiple security issues have been fixed :\n\nRemote attackers could...\n\n - ... upload files with invalid or unsafe names\n\n - ... mount social engineering attacks\n\n - ... compromise a site via cross-site scripting\n\n - ... inject SQL commands\n\n - ... 
cause denial of service or information disclosure\n\nCVE-2014-9031\n\nJouko Pynnonen discovered an unauthenticated cross site scripting vulnerability (XSS) in wptexturize(), exploitable via comments or posts.\n\nCVE-2014-9033\n\nCross site request forgery (CSRF) vulnerability in the password changing process, which could be used by an attacker to trick a user into changing her password.\n\nCVE-2014-9034\n\nJavier Nieto Arevalo and Andres Rojas Guerrero reported a potential denial of service in the way the phpass library is used to handle passwords, since no maximum password length was set.\n\nCVE-2014-9035\n\nJohn Blackbourn reported an XSS in the 'Press This' function (used for quick publishing using a browser 'bookmarklet').\n\nCVE-2014-9036\n\nRobert Chapin reported an XSS in the HTML filtering of CSS in posts.\n\nCVE-2014-9037\n\nDavid Anderson reported a hash comparison vulnerability for passwords stored using the old-style MD5 scheme. While unlikely, this could be exploited to compromise an account, if the user had not logged in after a Wordpress 2.5 update (uploaded to Debian on 2 Apr, 2008) and the password MD5 hash could be collided with due to PHP dynamic comparison.\n\nCVE-2014-9038\n\nBen Bidner reported a server side request forgery (SSRF) in the core HTTP layer which insufficiently blocked the loopback IP address space.\n\nCVE-2014-9039\n\nMomen Bassel, Tanoy Bose, and Bojan Slavkovic reported a vulnerability in the password reset process: an email address change would not invalidate a previous password reset email.\n\nCVE-2015-3438\n\nCedric Van Bockhaven reported and Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team fixed a cross-site-scripting vulnerability, which could enable anonymous users to compromise a site. 
\n\nCVE-2015-3439\n\nJakub Zoczek discovered a very limited cross-site scripting vulnerability, that could be used as part of a social engineering attack.\n\nCVE-2015-3440\n\nJouko Pynnönen discovered a cross-site scripting vulnerability, which could enable commenters to compromise a site.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-06-02T00:00:00", "type": "nessus", "title": "Debian DLA-236-1 : wordpress security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039", "CVE-2015-3438", "CVE-2015-3439", "CVE-2015-3440"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wordpress", "p-cpe:/a:debian:debian_linux:wordpress-l10n", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-236.NASL", "href": "https://www.tenable.com/plugins/nessus/83918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-236-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83918);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9031\", \"CVE-2014-9033\", \"CVE-2014-9034\", \"CVE-2014-9035\", \"CVE-2014-9036\", \"CVE-2014-9037\", \"CVE-2014-9038\", \"CVE-2014-9039\", \"CVE-2015-3438\", \"CVE-2015-3439\", \"CVE-2015-3440\");\n script_bugtraq_id(71231, 71232, 71233, 71234, 71236, 71237, 71238, 74269, 74334);\n\n script_name(english:\"Debian DLA-236-1 : wordpress security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In the Debian squeeze-lts version of Wordpress, multiple security\nissues have been fixed :\n\nRemote attackers could...\n\n - ... upload files with invalid or unsafe names\n\n - ... mount social engineering attacks\n\n - ... compromise a site via cross-site scripting\n\n - ... inject SQL commands\n\n - ... 
cause denial of service or information disclosure\n\nCVE-2014-9031\n\nJouko Pynnonen discovered an unauthenticated cross site scripting\nvulnerability (XSS) in wptexturize(), exploitable via comments or\nposts.\n\nCVE-2014-9033\n\nCross site request forgery (CSRF) vulnerability in the password\nchanging process, which could be used by an attacker to trick an user\ninto changing her password.\n\nCVE-2014-9034\n\nJavier Nieto Arevalo and Andres Rojas Guerrero reported a potential\ndenial of service in the way the phpass library is used to handle\npasswords, since no maximum password length was set.\n\nCVE-2014-9035\n\nJohn Blackbourn reported an XSS in the 'Press This' function (used for\nquick publishing using a browser 'bookmarklet').\n\nCVE-2014-9036\n\nRobert Chapin reported an XSS in the HTML filtering of CSS in posts.\n\nCVE-2014-9037\n\nDavid Anderson reported a hash comparison vulnerability for passwords\nstored using the old-style MD5 scheme. While unlikely, this could be\nexploited to compromise an account, if the user had not logged in\nafter a Wordpress 2.5 update (uploaded to Debian on 2 Apr, 2008) and\nthe password MD5 hash could be collided with due to PHP dynamic\ncomparison.\n\nCVE-2014-9038\n\nBen Bidner reported a server side request forgery (SSRF) in the core\nHTTP layer which unsufficiently blocked the loopback IP address space.\n\nCVE-2014-9039\n\nMomen Bassel, Tanoy Bose, and Bojan Slavkovic reported a vulnerability\nin the password reset process: an email address change would not\ninvalidate a previous password reset email.\n\nCVE-2015-3438\n\nCedric Van Bockhaven reported and Gary Pendergast, Mike Adams, and\nAndrew Nacin of the WordPress security team fixed a\ncross-site-scripting vulnerabilitity, which could enable anonymous\nusers to compromise a site. 
\n\nCVE-2015-3439\n\nJakub Zoczek discovered a very limited cross-site scripting\nvulnerability, that could be used as part of a social engineering\nattack.\n\nCVE-2015-3440\n\nJouko Pynnönen discovered a cross-site scripting vulnerability,\nwhich could enable commenters to compromise a site.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/06/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/wordpress\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected wordpress, and wordpress-l10n packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"wordpress\", reference:\"3.6.1+dfsg-1~deb6u6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"wordpress-l10n\", reference:\"3.6.1+dfsg-1~deb6u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-06T05:08:38", "description": "\nMultiple security issues have been discovered in Wordpress, a web\nblogging tool, resulting in denial of service or information disclosure.\nMore information can be found in the upstream advisory at\n\n\n\n* [CVE-2014-9031](https://security-tracker.debian.org/tracker/CVE-2014-9031)\nJouko Pynnonen discovered an unauthenticated cross site scripting\n vulnerability (XSS) in wptexturize(), exploitable via comments or\n posts.\n* [CVE-2014-9033](https://security-tracker.debian.org/tracker/CVE-2014-9033)\nCross site request forgery (CSRF) vulnerability in the password\n changing process, which could be used by an attacker to trick an\n user into changing her password.\n* [CVE-2014-9034](https://security-tracker.debian.org/tracker/CVE-2014-9034)\nJavier Nieto Arevalo and Andres Rojas Guerrero reported a potential\n denial of service in the way the phpass library is used to handle\n passwords, since no maximum password length was set.\n* 
[CVE-2014-9035](https://security-tracker.debian.org/tracker/CVE-2014-9035)\nJohn Blackbourn reported an XSS in the Press This function (used\n for quick publishing using a browser bookmarklet).\n* [CVE-2014-9036](https://security-tracker.debian.org/tracker/CVE-2014-9036)\nRobert Chapin reported an XSS in the HTML filtering of CSS in posts.\n* [CVE-2014-9037](https://security-tracker.debian.org/tracker/CVE-2014-9037)\nDavid Anderson reported a hash comparison vulnerability for\n passwords stored using the old-style MD5 scheme. While unlikely,\n this could be exploited to compromise an account, if the user had\n not logged in after a Wordpress 2.5 update (uploaded to Debian on 2\n Apr, 2008) and the password MD5 hash could be collided with due to\n PHP dynamic comparison.\n* [CVE-2014-9038](https://security-tracker.debian.org/tracker/CVE-2014-9038)\nBen Bidner reported a server side request forgery (SSRF) in the core\n HTTP layer which insufficiently blocked the loopback IP address\n space.\n* [CVE-2014-9039](https://security-tracker.debian.org/tracker/CVE-2014-9039)\nMomen Bassel, Tanoy Bose, and Bojan Slavkovic reported a\n vulnerability in the password reset process: an email address change\n would not invalidate a previous password reset email.\n\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 3.6.1+dfsg-1~deb7u5.\n\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.0.1+dfsg-1.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.1+dfsg-1.\n\n\nWe recommend that you upgrade your wordpress packages.\n\n\n", "cvss3": {}, "published": "2014-12-03T00:00:00", "type": "osv", "title": "wordpress - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9031", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039"], "modified": "2022-07-06T02:18:29", "id": "OSV:DSA-3085-1", "href": "https://osv.dev/vulnerability/DSA-3085-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T05:25:31", "description": "\nIn the Debian squeeze-lts version of Wordpress, multiple security issues\nhave been fixed:\n\n\nRemote attackers could...\n\n\n* ... upload files with invalid or unsafe names\n* ... mount social engineering attacks\n* ... compromise a site via cross-site scripting\n* ... inject SQL commands\n* ... cause denial of service or information disclosure\n\n\n* [CVE-2014-9031](https://security-tracker.debian.org/tracker/CVE-2014-9031)\nJouko Pynnonen discovered an unauthenticated cross site scripting\n vulnerability (XSS) in wptexturize(), exploitable via comments or\n posts.\n* [CVE-2014-9033](https://security-tracker.debian.org/tracker/CVE-2014-9033)\nCross site request forgery (CSRF) vulnerability in the password\n changing process, which could be used by an attacker to trick an user\n into changing her password.\n* [CVE-2014-9034](https://security-tracker.debian.org/tracker/CVE-2014-9034)\nJavier Nieto Arevalo and Andres Rojas Guerrero reported a potential\n denial of service in the way the phpass library is used to handle\n passwords, since no maximum password length was set.\n* [CVE-2014-9035](https://security-tracker.debian.org/tracker/CVE-2014-9035)\nJohn Blackbourn reported an XSS in the Press This function (used\n for quick publishing using a browser bookmarklet).\n* 
[CVE-2014-9036](https://security-tracker.debian.org/tracker/CVE-2014-9036)\nRobert Chapin reported an XSS in the HTML filtering of CSS in posts.\n* [CVE-2014-9037](https://security-tracker.debian.org/tracker/CVE-2014-9037)\nDavid Anderson reported a hash comparison vulnerability for passwords\n stored using the old-style MD5 scheme. While unlikely, this could be\n exploited to compromise an account, if the user had not logged in\n after a Wordpress 2.5 update (uploaded to Debian on 2 Apr, 2008) and\n the password MD5 hash could be collided with due to PHP dynamic\n comparison.\n* [CVE-2014-9038](https://security-tracker.debian.org/tracker/CVE-2014-9038)\nBen Bidner reported a server side request forgery (SSRF) in the core\n HTTP layer which insufficiently blocked the loopback IP address\n space.\n* [CVE-2014-9039](https://security-tracker.debian.org/tracker/CVE-2014-9039)\nMomen Bassel, Tanoy Bose, and Bojan Slavkovic reported a\n vulnerability in the password reset process: an email address change\n would not invalidate a previous password reset email.\n* [CVE-2015-3438](https://security-tracker.debian.org/tracker/CVE-2015-3438)\nCedric Van Bockhaven reported and Gary Pendergast, Mike Adams, and Andrew Nacin of the\n WordPress security team fixed a cross-site-scripting vulnerability, which could enable anonymous users\n to compromise a site.\n* [CVE-2015-3439](https://security-tracker.debian.org/tracker/CVE-2015-3439)\nJakub Zoczek discovered a very limited cross-site scripting\n vulnerability, that could be used as part of a social engineering\n attack.\n* [CVE-2015-3440](https://security-tracker.debian.org/tracker/CVE-2015-3440)\nJouko Pynnönen discovered a cross-site scripting vulnerability,\n which could enable commenters to compromise a site.\n\n\n", "cvss3": {}, "published": "2015-06-01T00:00:00", "type": "osv", "title": "wordpress - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9031", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039", "CVE-2015-3438", "CVE-2015-3439", "CVE-2015-3440"], "modified": "2022-07-06T00:14:26", "id": "OSV:DLA-236-1", "href": "https://osv.dev/vulnerability/DLA-236-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:55", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:233\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : wordpress\r\n Date : November 27, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated wordpress package fixes security vulnerabilities:\r\n \r\n XSS in wptexturize() via comments or posts, exploitable for\r\n unauthenticated users (CVE-2014-9031).\r\n \r\n XSS in media playlists (CVE-2014-9032).\r\n \r\n CSRF in the password reset process (CVE-2014-9033).\r\n \r\n Denial of service for giant passwords. 
The phpass library by Solar\r\n Designer was used in both projects without setting a maximum password\r\n length, which can lead to CPU exhaustion upon hashing (CVE-2014-9034).\r\n \r\n XSS in Press This (CVE-2014-9035).\r\n \r\n XSS in HTML filtering of CSS in posts (CVE-2014-9036).\r\n \r\n Hash comparison vulnerability in old-style MD5-stored passwords\r\n (CVE-2014-9037).\r\n \r\n SSRF: Safe HTTP requests did not sufficiently block the loopback IP\r\n address space (CVE-2014-9038).\r\n \r\n Previously an email address change would not invalidate a previous\r\n password reset email (CVE-2014-9039).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9032\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9033\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9035\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9036\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9037\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9039\r\n http://advisories.mageia.org/MGASA-2014-0493.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 62fa68f582bb7de0f5a2b73f4cd0d68a mbs1/x86_64/wordpress-3.9.3-1.mbs1.noarch.rpm \r\n 1dec5403e27c363d864c7b562b95e76e mbs1/SRPMS/wordpress-3.9.3-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUd1a7mqjQ0CJFipgRAkRVAJ99KIVWb4ckhvSoKutVDSzMfujV1QCfR3/t\r\nFiSsXvz21f5N3G8Ykv4Txhk=\r\n=aPRO\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-12-01T00:00:00", "title": "[ MDVSA-2014:233 ] wordpress", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-9039", "CVE-2014-9035", "CVE-2014-9033", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9034", "CVE-2014-9032", "CVE-2014-9038"], "modified": "2014-12-01T00:00:00", "id": "SECURITYVULNS:DOC:31413", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31413", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:50:36", "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2014-12-01T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-9031", "CVE-2014-6038", "CVE-2014-9039", "CVE-2014-9015", "CVE-2014-5257", "CVE-2014-8088", "CVE-2014-8958", "CVE-2014-3629", "CVE-2014-8499", "CVE-2014-9035", "CVE-2014-5269", "CVE-2014-8961", "CVE-2014-9033", "CVE-2014-9036", 
"CVE-2014-7958", "CVE-2014-8350", "CVE-2014-7866", "CVE-2014-6039", "CVE-2014-8959", "CVE-2014-8498", "CVE-2014-7137", "CVE-2014-8429", "CVE-2014-7868", "CVE-2014-8682", "CVE-2012-4437", "CVE-2014-8960", "CVE-2014-9037", "CVE-2014-7959", "CVE-2014-8683", "CVE-2014-9034", "CVE-2014-8732", "CVE-2014-9032", "CVE-2014-8749", "CVE-2014-8877", "CVE-2014-8337", "CVE-2014-9038", "CVE-2014-9016", "CVE-2014-8600", "CVE-2014-8731", "CVE-2014-8539"], "modified": "2014-12-01T00:00:00", "id": "SECURITYVULNS:VULN:14113", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14113", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "XSS in wptexturize() via comments or posts, exploitable for unauthenticated users (CVE-2014-9031). XSS in media playlists (CVE-2014-9032). CSRF in the password reset process (CVE-2014-9033). Denial of service for giant passwords. The phpass library by Solar Designer was used in both projects without setting a maximum password length, which can lead to CPU exhaustion upon hashing (CVE-2014-9034). XSS in Press This (CVE-2014-9035). XSS in HTML filtering of CSS in posts (CVE-2014-9036). Hash comparison vulnerability in old-style MD5-stored passwords (CVE-2014-9037). SSRF: Safe HTTP requests did not sufficiently block the loopback IP address space (CVE-2014-9038). Previously an email address change would not invalidate a previous password reset email (CVE-2014-9039). 
\n", "cvss3": {}, "published": "2014-11-26T17:29:06", "type": "mageia", "title": "Updated wordpress package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9031", "CVE-2014-9032", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039"], "modified": "2014-11-26T17:29:06", "id": "MGASA-2014-0493", "href": "https://advisories.mageia.org/MGASA-2014-0493.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}