ID FEDORA:6FC2261FE275 Type fedora Reporter Fedora Modified 2016-05-20T17:57:08
Description
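WordPress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information is in /usr/share/doc/wordpress/README.fedora. This text is only the generic package description: the security content of the update is carried by the bulletin's CVE list, CVE-2016-4566 (same-origin method execution through Plupload) and CVE-2016-4567 (reflected XSS through MediaElement.js), both fixed in WordPress 4.5.2 and shipped for Fedora 24 as wordpress-4.5.2-2.fc24.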
{"id": "FEDORA:6FC2261FE275", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 24 Update: wordpress-4.5.2-2.fc24", "description": "Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora ", "published": "2016-05-20T17:57:08", "modified": "2016-05-20T17:57:08", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2016-4566", "CVE-2016-4567"], "lastseen": "2020-12-21T08:17:53", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-4566", "CVE-2016-4567"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310808330", "OPENVAS:1361412562310808367", "OPENVAS:1361412562310808411"]}, {"type": "freebsd", "idList": ["3686917B-164D-11E6-94FA-002590263BF5"]}, {"type": "nessus", "idList": ["FEDORA_2016-E97A850183.NASL", "FREEBSD_PKG_3686917B164D11E694FA002590263BF5.NASL", "WORDPRESS_4_5_2.NASL", "FEDORA_2016-D9BD0C4830.NASL", "FEDORA_2016-CF91320535.NASL"]}, {"type": "fedora", "idList": ["FEDORA:0CB1762A7F87", "FEDORA:3306D616656E"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8488", "WPVDB-ID:8489"]}, {"type": "debian", "idList": ["DEBIAN:BSA-110:3C6DE"]}], "modified": "2020-12-21T08:17:53", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2020-12-21T08:17:53", "rev": 2}, "vulnersScore": 5.0}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "24", "arch": "any", "packageName": "wordpress", "packageVersion": "4.5.2", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2020-12-09T20:07:39", "description": "Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by \"jsinitfunctio%gn.\"", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-05-22T01:59:00", "title": "CVE-2016-4567", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4567"], "modified": "2016-12-02T23:01:00", "cpe": ["cpe:/a:wordpress:wordpress:4.5.1", "cpe:/a:mediaelementjs:mediaelement.js:2.20.1"], "id": "CVE-2016-4567", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4567", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mediaelementjs:mediaelement.js:2.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:4.5.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in 
WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-05-22T01:59:00", "title": "CVE-2016-4566", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4566"], "modified": "2016-12-02T22:56:00", "cpe": ["cpe:/a:wordpress:wordpress:4.5.1", "cpe:/a:plupload:plupload:2.1.8"], "id": "CVE-2016-4566", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4566", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:plupload:plupload:2.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:wordpress:wordpress:4.5.1:*:*:*:*:*:*:*"]}], "freebsd": [{"lastseen": "2019-05-29T18:32:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4567", "CVE-2016-4566"], "description": "\nHelen Hou-Sandi reports:\n\nWordPress 4.5.2 is now available. 
This is a security release for\n\t all previous versions and we strongly encourage you to update your\n\t sites immediately.\nWordPress versions 4.5.1 and earlier are affected by a SOME\n\t vulnerability through Plupload, the third-party library WordPress\n\t uses for uploading files. WordPress versions 4.2 through 4.5.1 are\n\t vulnerable to reflected XSS using specially crafted URIs through\n\t MediaElement.js, the third-party library used for media players.\n\t MediaElement.js and Plupload have also released updates fixing\n\t these issues.\n\n", "edition": 4, "modified": "2016-05-06T00:00:00", "published": "2016-05-06T00:00:00", "id": "3686917B-164D-11E6-94FA-002590263BF5", "href": "https://vuxml.freebsd.org/freebsd/3686917b-164d-11e6-94fa-002590263bf5.html", "title": "wordpress -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4566", "CVE-2016-4567"], "description": "Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora ", "modified": "2016-05-20T23:53:47", "published": "2016-05-20T23:53:47", "id": "FEDORA:3306D616656E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: wordpress-4.5.2-1.fc22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4566", "CVE-2016-4567"], "description": "Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. 
Important information in /usr/share/doc/wordpress/README.fedora ", "modified": "2016-05-21T00:01:14", "published": "2016-05-21T00:01:14", "id": "FEDORA:0CB1762A7F87", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: wordpress-4.5.2-1.fc23", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-06T10:48:52", "description": "Helen Hou-Sandi reports :\n\nWordPress 4.5.2 is now available. This is a security release for all\nprevious versions and we strongly encourage you to update your sites\nimmediately.\n\nWordPress versions 4.5.1 and earlier are affected by a SOME\nvulnerability through Plupload, the third-party library WordPress uses\nfor uploading files. WordPress versions 4.2 through 4.5.1 are\nvulnerable to reflected XSS using specially crafted URIs through\nMediaElement.js, the third-party library used for media players.\nMediaElement.js and Plupload have also released updates fixing these\nissues.", "edition": 26, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2016-05-11T00:00:00", "title": "FreeBSD : wordpress -- multiple vulnerabilities (3686917b-164d-11e6-94fa-002590263bf5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4567", "CVE-2016-4566"], "modified": "2016-05-11T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ru-wordpress", "p-cpe:/a:freebsd:freebsd:ja-wordpress", "p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_TW", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:de-wordpress", "p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_CN", "p-cpe:/a:freebsd:freebsd:wordpress"], "id": "FREEBSD_PKG_3686917B164D11E694FA002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/91027", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# 
Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91027);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-4566\", \"CVE-2016-4567\");\n\n script_name(english:\"FreeBSD : wordpress -- multiple vulnerabilities (3686917b-164d-11e6-94fa-002590263bf5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Helen Hou-Sandi reports :\n\nWordPress 4.5.2 is now available. This is a security release for all\nprevious versions and we strongly encourage you to update your sites\nimmediately.\n\nWordPress versions 4.5.1 and earlier are affected by a SOME\nvulnerability through Plupload, the third-party library WordPress uses\nfor uploading files. WordPress versions 4.2 through 4.5.1 are\nvulnerable to reflected XSS using specially crafted URIs through\nMediaElement.js, the third-party library used for media players.\nMediaElement.js and Plupload have also released updates fixing these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wordpress.org/news/2016/05/wordpress-4-5-2/\"\n );\n # http://www.openwall.com/lists/oss-security/2016/05/07/7\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2016/05/07/7\"\n );\n # https://vuxml.freebsd.org/freebsd/3686917b-164d-11e6-94fa-002590263bf5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50dc04c7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:de-wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wordpress\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zh-wordpress-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"wordpress<4.5.2,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-wordpress<4.5.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-wordpress<4.5.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-wordpress<4.5.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-wordpress-zh_CN<4.5.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-wordpress-zh_TW<4.5.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:14:50", 
"description": "**WordPress 4.5.2** is now available. This is a security release for\nall previous versions and we strongly encourage you to update your\nsites immediately.\n\nSee the [Release\nannouncement](https://wordpress.org/news/2016/05/wordpress-4-5-2/)\n\n----\n\nVersion 4.5.1 of WordPress is available and fixes 12 bugs. \n\nSee [Release\nannouncement](https://wordpress.org/news/2016/04/wordpress-4-5-1-maint\nenance-release/)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2016-07-14T00:00:00", "title": "Fedora 23 : wordpress (2016-cf91320535)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4566"], "modified": "2016-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wordpress", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-CF91320535.NASL", "href": "https://www.tenable.com/plugins/nessus/92166", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-cf91320535.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92166);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4566\");\n script_xref(name:\"FEDORA\", value:\"2016-cf91320535\");\n\n script_name(english:\"Fedora 23 : wordpress (2016-cf91320535)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"**WordPress 4.5.2** is now available. This is a security release for\nall previous versions and we strongly encourage you to update your\nsites immediately.\n\nSee the [Release\nannouncement](https://wordpress.org/news/2016/05/wordpress-4-5-2/)\n\n----\n\nVersion 4.5.1 of WordPress is available and fixes 12 bugs. \n\nSee [Release\nannouncement](https://wordpress.org/news/2016/04/wordpress-4-5-1-maint\nenance-release/)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-cf91320535\"\n );\n # https://wordpress.org/news/2016/04/wordpress-4-5-1-maintenance-release/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86580192\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"wordpress-4.5.2-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:14:52", "description": "**WordPress 4.5.2** is now available. 
This is a security release for\nall previous versions and we strongly encourage you to update your\nsites immediately.\n\nSee the [Release\nannouncement](https://wordpress.org/news/2016/05/wordpress-4-5-2/)\n\n---\n\n**Packaging changes**\n\n - provide nginx configuration\n\n - drop mandatory dependency on httpd (only suggested) and\n mod_php (php-fpm works)\n\n - protect php files in uploads directory\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2016-07-14T00:00:00", "title": "Fedora 24 : wordpress (2016-d9bd0c4830)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4566"], "modified": "2016-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wordpress", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-D9BD0C4830.NASL", "href": "https://www.tenable.com/plugins/nessus/92180", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-d9bd0c4830.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92180);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4566\");\n script_xref(name:\"FEDORA\", value:\"2016-d9bd0c4830\");\n\n script_name(english:\"Fedora 24 : wordpress (2016-d9bd0c4830)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"**WordPress 4.5.2** is now available. This is a security release for\nall previous versions and we strongly encourage you to update your\nsites immediately.\n\nSee the [Release\nannouncement](https://wordpress.org/news/2016/05/wordpress-4-5-2/)\n\n---\n\n**Packaging changes**\n\n - provide nginx configuration\n\n - drop mandatory dependency on httpd (only suggested) and\n mod_php (php-fpm works)\n\n - protect php files in uploads directory\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-d9bd0c4830\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"wordpress-4.5.2-2.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:14:58", "description": "**WordPress 4.5.2** is now available. This is a security release for\nall previous versions and we strongly encourage you to update your\nsites immediately.\n\nSee the [Release\nannouncement](https://wordpress.org/news/2016/05/wordpress-4-5-2/)\n\n----\n\nVersion 4.5.1 of WordPress is available and fixes 12 bugs. 
\n\nSee [Release\nannouncement](https://wordpress.org/news/2016/04/wordpress-4-5-1-maint\nenance-release/)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2016-07-14T00:00:00", "title": "Fedora 22 : wordpress (2016-e97a850183)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4566"], "modified": "2016-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wordpress", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-E97A850183.NASL", "href": "https://www.tenable.com/plugins/nessus/92193", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-e97a850183.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92193);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4566\");\n script_xref(name:\"FEDORA\", value:\"2016-e97a850183\");\n\n script_name(english:\"Fedora 22 : wordpress (2016-e97a850183)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**WordPress 4.5.2** is now available. 
This is a security release for\nall previous versions and we strongly encourage you to update your\nsites immediately.\n\nSee the [Release\nannouncement](https://wordpress.org/news/2016/05/wordpress-4-5-2/)\n\n----\n\nVersion 4.5.1 of WordPress is available and fixes 12 bugs. \n\nSee [Release\nannouncement](https://wordpress.org/news/2016/04/wordpress-4-5-1-maint\nenance-release/)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-e97a850183\"\n );\n # https://wordpress.org/news/2016/04/wordpress-4-5-1-maintenance-release/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86580192\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"wordpress-4.5.2-1.fc22\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T07:01:01", "description": "According to its self-reported version number, the WordPress\napplication running on the remote web server is prior to 4.5.2.\nIt is, therefore, affected by the following vulnerabilities :\n\n - A remote code execution vulnerability, known as\n ImageTragick, exists in the ImageMagick library due to a\n failure to properly filter shell characters in filenames\n passed to delegate 
commands. A remote attacker can\n exploit this, via specially crafted images, to inject\n shell commands and execute arbitrary code.\n (CVE-2016-3714)\n\n - An unspecified flaw exists in the ImageMagick library in\n the 'ephemeral' pseudo protocol that allows an attacker\n to delete arbitrary files. (CVE-2016-3715)\n\n - An unspecified flaw exists in the ImageMagick library in\n the 'ms' pseudo protocol that allows an attacker to move\n arbitrary files to arbitrary locations. (CVE-2016-3716)\n\n - An unspecified flaw exists in the ImageMagick library in\n the 'label' pseudo protocol that allows an attacker, via\n a specially crafted image, to read arbitrary files.\n (CVE-2016-3717)\n\n - A server-side request forgery (SSRF) vulnerability\n exists due to an unspecified flaw related to request\n handling between a user and the server. A remote\n attacker can exploit this, via an MVG file with a\n specially crafted fill element, to bypass access\n restrictions and conduct host-based attacks.\n (CVE-2016-3718)\n\n - An unspecified flaw exists in Plupload that allows an\n attacker to perform a same-origin method execution.\n (CVE-2016-4566)\n\n - A reflected cross-site scripting vulnerability exists in\n MediaElement.js due to improper validation of\n user-supplied input. A context-dependent attacker can\n exploit this, via a specially crafted request, to\n execute arbitrary script code in a user's browser\n session. 
(CVE-2016-4567)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 27, "cvss3": {"score": 8.4, "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-12T00:00:00", "title": "WordPress < 4.5.2 Multiple Vulnerabilities (ImageTragick)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-4567", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-4566", "CVE-2016-3717"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:wordpress:wordpress"], "id": "WORDPRESS_4_5_2.NASL", "href": "https://www.tenable.com/plugins/nessus/91101", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91101);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-3714\",\n \"CVE-2016-3715\",\n \"CVE-2016-3716\",\n \"CVE-2016-3717\",\n \"CVE-2016-3718\",\n \"CVE-2016-4566\",\n \"CVE-2016-4567\"\n );\n script_bugtraq_id(\n 89848,\n 89849,\n 89852,\n 89861,\n 89866,\n 90300\n );\n script_xref(name:\"CERT\", value:\"250519\");\n script_xref(name:\"EDB-ID\", value:\"39767\");\n script_xref(name:\"EDB-ID\", value:\"39791\");\n\n script_name(english:\"WordPress < 4.5.2 Multiple Vulnerabilities (ImageTragick)\");\n script_summary(english:\"Checks the version of WordPress.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The PHP application running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the WordPress\napplication running on the remote web server is prior to 4.5.2.\nIt is, therefore, affected by the following vulnerabilities :\n\n - A remote code execution vulnerability, known as\n ImageTragick, exists in the ImageMagick library due to a\n failure to properly filter shell characters in 
filenames\n passed to delegate commands. A remote attacker can\n exploit this, via specially crafted images, to inject\n shell commands and execute arbitrary code.\n (CVE-2016-3714)\n\n - An unspecified flaw exists in the ImageMagick library in\n the 'ephemeral' pseudo protocol that allows an attacker\n to delete arbitrary files. (CVE-2016-3715)\n\n - An unspecified flaw exists in the ImageMagick library in\n the 'ms' pseudo protocol that allows an attacker to move\n arbitrary files to arbitrary locations. (CVE-2016-3716)\n\n - An unspecified flaw exists in the ImageMagick library in\n the 'label' pseudo protocol that allows an attacker, via\n a specially crafted image, to read arbitrary files.\n (CVE-2016-3717)\n\n - A server-side request forgery (SSRF) vulnerability\n exists due to an unspecified flaw related to request\n handling between a user and the server. A remote\n attacker can exploit this, via an MVG file with a\n specially crafted fill element, to bypass access\n restrictions and conduct host-based attacks.\n (CVE-2016-3718)\n\n - An unspecified flaw exists in Plupload that allows an\n attacker to perform a same-origin method execution.\n (CVE-2016-4566)\n\n - A reflected cross-site scripting vulnerability exists in\n MediaElement.js due to improper validation of\n user-supplied input. A context-dependent attacker can\n exploit this, via a specially crafted request, to\n execute arbitrary script code in a user's browser\n session. 
(CVE-2016-4567)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/news/2016/05/wordpress-4-5-2/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://imagetragick.com/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WordPress version 4.5.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3714\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/WordPress\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"http.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = \"WordPress\";\nport = get_http_port(default:80, php:TRUE);\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { \"fixed_version\":\"3.7.14\", \"fixed_display\" : \"3.7.14 / 4.5.2\" },\n { \"min_version\":\"3.8\", \"fixed_version\":\"3.8.14\", \"fixed_display\" : \"3.8.14 / 4.5.2\" },\n { \"min_version\":\"3.9\", \"fixed_version\":\"3.9.12\", \"fixed_display\" : \"3.9.12 / 4.5.2\" },\n { \"min_version\":\"4.0\", \"fixed_version\":\"4.0.11\", \"fixed_display\" : \"4.0.11 / 4.5.2\" },\n { \"min_version\":\"4.1\", \"fixed_version\":\"4.1.11\", \"fixed_display\" : \"4.1.11 / 4.5.2\" },\n { \"min_version\":\"4.2\", \"fixed_version\":\"4.2.8\", \"fixed_display\" : \"4.2.8 / 4.5.2\" },\n { \"min_version\":\"4.3\", \"fixed_version\":\"4.3.4\", \"fixed_display\" : \"4.3.4 / 4.5.2\" },\n { \"min_version\":\"4.4\", \"fixed_version\":\"4.4.3\", \"fixed_display\" : \"4.4.3 / 4.5.2\" },\n { \"min_version\":\"4.5\", \"fixed_version\":\"4.5.2\", \"fixed_display\" : \"4.5.2\" }\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{xss:TRUE}\n);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4567", "CVE-2016-4566"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808367", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808367", 
"type": "openvas", "title": "Fedora Update for wordpress FEDORA-2016-cf91320535", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2016-cf91320535\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808367\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:41:46 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-4566\", \"CVE-2016-4567\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wordpress FEDORA-2016-cf91320535\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wordpress'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is 
present on the target host.\");\n script_tag(name:\"affected\", value:\"wordpress on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-cf91320535\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNZ5WANYWW2GTQYWXKFYGILFOIFV5SJN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~4.5.2~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4567", "CVE-2016-4566"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808411", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808411", "type": "openvas", "title": "Fedora Update for wordpress FEDORA-2016-d9bd0c4830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2016-d9bd0c4830\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is 
free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808411\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:53:02 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-4566\", \"CVE-2016-4567\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wordpress FEDORA-2016-d9bd0c4830\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wordpress'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"wordpress on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-d9bd0c4830\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONPDRFTOLD3XFYP5NJYSVO6ASEYW7HKX\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~4.5.2~2.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4567", "CVE-2016-4566"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808330", "type": "openvas", "title": "Fedora Update for wordpress FEDORA-2016-e97a850183", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2016-e97a850183\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808330\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:42:02 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-4566\", \"CVE-2016-4567\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wordpress FEDORA-2016-e97a850183\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wordpress'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"wordpress on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-e97a850183\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSGHYLKGFBY5CLCHKZJAMZTPDQLX2H5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~4.5.2~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2020-06-29T19:36:45", "bulletinFamily": "software", "cvelist": ["CVE-2016-4567"], "description": "WordPress Vulnerability - WordPress 4.2-4.5.1 - MediaElement.js Reflected Cross-Site Scripting (XSS)\n", "modified": "2019-11-01T00:00:00", "published": "2016-05-06T00:00:00", "id": "WPVDB-ID:8488", "href": "https://wpvulndb.com/vulnerabilities/8488", "type": "wpvulndb", "title": "WordPress 4.2-4.5.1 - MediaElement.js Reflected Cross-Site Scripting (XSS)", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-06-29T19:36:46", "bulletinFamily": "software", "cvelist": ["CVE-2016-4566"], "description": "WordPress Vulnerability - WordPress <= 4.5.1 - Plupload Same Origin Method Execution (SOME)\n", "modified": "2019-11-01T00:00:00", "published": "2016-05-06T00:00:00", "id": "WPVDB-ID:8489", "href": "https://wpvulndb.com/vulnerabilities/8489", "type": "wpvulndb", "title": "WordPress <= 4.5.1 - Plupload Same Origin Method Execution (SOME)", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:21:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4566"], "description": "Craig Small <csmall@debian.org> uploaded new packages for wordpress\nwhich fixed the following security problems:\n\nCVE-2016-4566 Reflected XSS in PLupload and mediaelement\n\nFor the jessie-backports distribution the problems have been fixed in\nversion 4.5.2+dfsg-1~bpo8+1\n\n-- \nCraig Small (@smallsees) http://enc.com.au/
csmall at : enc.com.au\nDebian GNU/Linux http://www.debian.org/ csmall at : debian.org\nGPG fingerprint: 5D2F B320 B825 D939 04D2 0519 3938 F96B DF50 FEA5\n", "edition": 2, "modified": "2016-05-11T12:24:29", "published": "2016-05-11T12:24:29", "id": "DEBIAN:BSA-110:3C6DE", "href": "https://lists.debian.org/debian-backports-announce/2016/debian-backports-announce-201605/msg00000.html", "title": "[BSA-110] Security Update for wordpress", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}