nessus
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
WEB_APPLICATION_SCANNING_112648
Nov 12, 2020 - 12:00 a.m.

WordPress 5.4.x < 5.4.3 Multiple Vulnerabilities

www.tenable.com

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:

  • A deserialization vulnerability exists in the Requests_Utility_FilteredIterator class.

  • A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.

  • A denial of service vulnerability exists against the MySQL database.

  • Two privilege escalation vulnerabilities in XML-RPC.

  • An arbitrary file deletion vulnerability exists via a bypass of protected meta.

  • A cross-site request forgery (CSRF) vulnerability exists when updating a background image.

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

VendorProductVersion
awordpresswordpress