Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-3658.NASL
HistoryNov 20, 2023 - 12:00 a.m.

Debian DLA-3658-1 : wordpress - LTS security update

2023-11-2000:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
debian
wordpress
lts
security update
vulnerabilities
sensitive information
unauthorized actor
rest api
unauthenticated attackers
email addresses

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3658 advisory.

  • Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38. (CVE-2023-39999)

  • WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack (CVE-2023-5561)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-3658. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(186018);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/31");

  script_cve_id("CVE-2023-5561", "CVE-2023-39999");
  script_xref(name:"IAVA", value:"2023-A-0567-S");

  script_name(english:"Debian DLA-3658-1 : wordpress - LTS security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-3658 advisory.

  - Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2
    through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through
    5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13,
    from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from
    4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5
    through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1
    through 4.1.38. (CVE-2023-39999)

  - WordPress does not properly restrict which user fields are searchable via the REST API, allowing
    unauthenticated attackers to discern the email addresses of users who have published public posts on an
    affected website via an Oracle style attack (CVE-2023-5561)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/wordpress");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2023/dla-3658");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39999");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-5561");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/wordpress");
  script_set_attribute(attribute:"solution", value:
"Upgrade the wordpress packages.

For Debian 10 buster, these problems have been fixed in version 5.0.20+dfsg1-0+deb10u1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-5561");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/11/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wordpress");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wordpress-l10n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wordpress-theme-twentynineteen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wordpress-theme-twentyseventeen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wordpress-theme-twentysixteen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(10)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '10.0', 'prefix': 'wordpress', 'reference': '5.0.20+dfsg1-0+deb10u1'},
    {'release': '10.0', 'prefix': 'wordpress-l10n', 'reference': '5.0.20+dfsg1-0+deb10u1'},
    {'release': '10.0', 'prefix': 'wordpress-theme-twentynineteen', 'reference': '5.0.20+dfsg1-0+deb10u1'},
    {'release': '10.0', 'prefix': 'wordpress-theme-twentyseventeen', 'reference': '5.0.20+dfsg1-0+deb10u1'},
    {'release': '10.0', 'prefix': 'wordpress-theme-twentysixteen', 'reference': '5.0.20+dfsg1-0+deb10u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'wordpress / wordpress-l10n / wordpress-theme-twentynineteen / etc');
}

Related

debian 2
osv 9
openvas 7
nessus 5
prion 2
ubuntucve 2
wpvulndb 2
debiancve 2
attackerkb 1
fedora 3
veracode 2
cvelist 2
nvd 2
cve 2
githubexploit 2
wpexploit 1
avleonov 1
wordfence 1
debian
debian
[SECURITY] [DLA 3658-1] wordpress security update
2023-11-20 21:26:30
[SECURITY] [DSA 5685-1] wordpress security update
2024-05-08 22:06:13
osv
osv
wordpress - security update
2023-11-20 00:00:00
BIT-wordpress-2023-39999
2024-03-06 11:08:58
CVE-2023-39999
2023-10-13 12:15:09
openvas
openvas
Debian: Security Advisory (DLA-3658-1)
2023-11-21 00:00:00
WordPress Multiple Vulnerabilities (Oct 2023) - Windows
2023-10-13 00:00:00
WordPress Multiple Vulnerabilities (Oct 2023) - Linux
2023-10-13 00:00:00
nessus
nessus
WordPress 6.0 < 6.3.2 Multiple Vulnerabilities
2023-10-12 00:00:00
Fedora 38 : wordpress (2023-c42a4b2eab)
2023-10-25 00:00:00
Fedora 39 : wordpress (2023-1adca3e938)
2023-11-07 00:00:00
prion
prion
Design/Logic Flaw
2023-10-13 12:15:00
Code injection
2023-10-16 20:15:00
ubuntucve
ubuntucve
CVE-2023-39999
2023-10-13 00:00:00
CVE-2023-5561
2023-10-16 00:00:00
wpvulndb
wpvulndb
WP < 6.3.2 - Contributor+ Comment Disclosure
2023-10-13 00:00:00
WP < 6.3.2 - Unauthenticated Post Author Email Disclosure
2023-10-13 00:00:00
debiancve
debiancve
CVE-2023-39999
2023-10-13 12:15:09
CVE-2023-5561
2023-10-16 20:15:18
attackerkb
attackerkb
CVE-2023-39999
2023-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: wordpress-6.3.2-1.fc39
2023-11-03 18:58:31
[SECURITY] Fedora 37 Update: wordpress-6.2.3-1.fc37
2023-10-25 01:24:30
[SECURITY] Fedora 38 Update: wordpress-6.3.2-1.fc38
2023-10-25 01:36:40
veracode
veracode
Information Disclosure
2023-11-05 17:25:17
Information Disclosure
2023-11-12 06:43:12
cvelist
cvelist
CVE-2023-39999 WordPress < 6.3.2 is vulnerable to Broken Access Control
2023-10-13 11:31:16
CVE-2023-5561 WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure
2023-10-16 19:39:10
nvd
nvd
CVE-2023-39999
2023-10-13 12:15:09
CVE-2023-5561
2023-10-16 20:15:18
cve
cve
CVE-2023-39999
2023-10-13 12:15:09
CVE-2023-5561
2023-10-16 20:15:18
githubexploit
githubexploit
Exploit for Vulnerability in Wordpress
2023-11-26 03:47:33
Exploit for CVE-2023-5561
2023-12-13 16:43:18
wpexploit
wpexploit
WP < 6.3.2 - Unauthenticated Post Author Email Disclosure
2023-10-13 00:00:00
avleonov
avleonov
November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review
2024-02-01 17:07:20
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 9, 2023 to October 15, 2023)
2023-10-19 15:52:27

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON
Related for DEBIAN_DLA-3658.NASL
debian2osv9openvas7nessus5prion2ubuntucve2wpvulndb2debiancve2attackerkb1fedora3veracode2cvelist2nvd2cve2githubexploit2wpexploit1avleonov1wordfence1