Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 Tenable Network Security, Inc.WORDPRESS_3_0_2.NASL
HistoryFeb 03, 2011 - 12:00 a.m.

WordPress < 3.0.2 Multiple Vulnerabilities

2011-02-0300:00:00
This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.
www.tenable.com
50
JSON

According to its version number, the installation of WordPress hosted on the remote web server is affected by multiple vulnerabilities :

  • A SQL injection vulnerability exists in the ‘wp-includes/comment.php’ script due to improper sanitization of user-supplied input to the ‘Send Trackbacks’ field. A remote attacker can exploit this to inject or manipulate SQL queries to manipulate or disclose arbitrary data. (CVE-2010-4257)

  • A cross-site scripting vulnerability exists in the request_filesystem_credentials() function in the ‘wp-admin/includes/file.php’ script where input passed from an error message for an FTP or SSH connection attempt is not validated. This allows a context-dependent attacker to use a specially crafted request to execute arbitrary script code within the user’s browser session. (CVE-2010-5294)

  • A cross-site scripting vulnerability exists in the ‘wp-admin/plugins.php’ script due to improper validation of input supplied via a plugin’s ‘author’ field. This allows a remote attacker to inject arbitrary script or HTML code in a user’s browser session. (CVE-2010-5295)

  • A security bypass vulnerability exists in the ‘wp-includes/capabilities.php’ script. When a multisite configuration is used, Super Admin privileges are not needed for the ‘delete_users’ capability. This allows an authenticated attacker to bypass access restrictions.
    (CVE-2010-5296)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(51860);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id(
    "CVE-2010-4257",
    "CVE-2010-5294",
    "CVE-2010-5295",
    "CVE-2010-5296",
    "CVE-2010-5293"
  );
  script_bugtraq_id(
    45131,
    65233,
    65240,
    73661,
    65235
  );
  script_xref(name:"Secunia", value:"42431");

  script_name(english:"WordPress < 3.0.2 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of WordPress.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts a PHP application that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its version number, the installation of WordPress hosted
on the remote web server is affected by multiple vulnerabilities :

  - A SQL injection vulnerability exists in the
    'wp-includes/comment.php' script due to improper
    sanitization of user-supplied input to the 'Send
    Trackbacks' field. A remote attacker can exploit this to
    inject or manipulate SQL queries to manipulate or
    disclose arbitrary data. (CVE-2010-4257)

  - A cross-site scripting vulnerability exists in the
    request_filesystem_credentials() function in the
    'wp-admin/includes/file.php' script where input passed
    from an error message for an FTP or SSH connection
    attempt is not validated. This allows a
    context-dependent attacker to use a specially crafted
    request to execute arbitrary script code within the
    user's browser session. (CVE-2010-5294)

  - A cross-site scripting vulnerability exists in the
    'wp-admin/plugins.php' script due to improper validation
    of input supplied via a plugin's 'author' field. This
    allows a remote attacker to inject arbitrary script or
    HTML code in a user's browser session. (CVE-2010-5295)

  - A security bypass vulnerability exists in the
    'wp-includes/capabilities.php' script. When a multisite
    configuration is used, Super Admin privileges are not
    needed for the 'delete_users' capability. This allows an
    authenticated attacker to bypass access restrictions.
    (CVE-2010-5296)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://wordpress.org/news/2010/11/wordpress-3-0-2/");
  script_set_attribute(attribute:"see_also", value:"https://core.trac.wordpress.org/changeset/16373");
  script_set_attribute(attribute:"see_also", value:"https://codex.wordpress.org/Version_3.0.2");
  script_set_attribute(attribute:"solution", value:"Upgrade to WordPress 3.0.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/11/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/03");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.");

  script_dependencies("wordpress_detect.nasl");
  script_require_keys("installed_sw/WordPress", "www/PHP", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "WordPress";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

install = get_single_install(
  app_name : app,
  port     : port,
  exit_if_unknown_ver : TRUE
);

dir = install['path'];
version = install['version'];
install_url = build_url(port:port, qs:dir);

if (report_paranoia < 2) audit(AUDIT_PARANOID);

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

# Versions < 3.0.2 are affected.
if (
  ver[0] < 3 ||
  (ver[0] == 3 && ver[1] == 0 && ver[2] < 2)
)
{
  set_kb_item(name:'www/'+port+'/SQLInjection', value:TRUE);
  set_kb_item(name:'www/'+port+'/XSS', value: TRUE);

  if (report_verbosity > 0)
  {
    report =
      '\n  URL               : ' + install_url +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 3.0.2\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);

  exit(0);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
VendorProductVersionCPE
wordpresswordpresscpe:/a:wordpress:wordpress

Related

nessus 7
openvas 13
patchstack 5
cve 5
ubuntucve 5
prion 5
wpvulndb 4
debiancve 5
securityvulns 2
fedora 4
debian 4
freebsd 1
osv 1
nessus
nessus
WordPress < 3.0.2 Multiple Vulnerabilities
2016-02-26 00:00:00
Fedora 13 : wordpress-2.8.6-3.fc13 (2010-19290)
2011-01-07 00:00:00
Fedora 14 : wordpress-2.8.6-3.fc14 (2010-19296)
2011-01-07 00:00:00
openvas
openvas
WordPress < 3.0.2 Multiple Vulnerabilities
2022-12-08 00:00:00
Debian Security Advisory DSA 2138-1 (wordpress)
2011-03-07 00:00:00
Fedora Update for wordpress FEDORA-2010-19296
2011-01-11 00:00:00
patchstack
patchstack
WordPress <= 3.0.1
2014-01-20 00:00:00
WordPress <= 3.0.1 - Multiple XSS
2014-01-20 00:00:00
WordPress <= 3.0.1 - XSS
2014-01-20 00:00:00
cve
cve
CVE-2010-5293
2014-01-21 01:55:00
CVE-2010-5295
2014-01-21 01:55:00
CVE-2010-5294
2014-01-21 01:55:00
ubuntucve
ubuntucve
CVE-2010-5293
2014-01-21 00:00:00
CVE-2010-5295
2014-01-21 00:00:00
CVE-2010-5294
2014-01-21 00:00:00
prion
prion
Design/Logic Flaw
2014-01-21 01:55:00
Cross site scripting
2014-01-21 01:55:00
Cross site scripting
2014-01-21 01:55:00
wpvulndb
wpvulndb
WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions
2014-08-01 10:58:24
WordPress 2.0 - 3.0.1 Cross-Site Scripting (XSS) in wp-admin/plugins.php
2014-08-01 10:58:24
WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()
2014-08-01 10:58:24
debiancve
debiancve
CVE-2010-5293
2014-01-21 01:55:00
CVE-2010-5295
2014-01-21 01:55:00
CVE-2010-5294
2014-01-21 01:55:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2010-12-27 00:00:00
[SECURITY] [DSA 2138-1] Security update for wordpress
2010-12-29 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: wordpress-2.8.6-3.fc14
2011-01-06 19:25:42
[SECURITY] Fedora 13 Update: wordpress-2.8.6-3.fc13
2011-01-06 19:29:30
[SECURITY] Fedora 14 Update: wordpress-mu-2.9.2-2.fc14
2011-01-08 21:30:20
debian
debian
[SECURITY] [DSA 2138-1] Security update for wordpress
2010-12-29 14:37:12
[SECURITY] [DSA 2138-1] Security update for wordpress
2010-12-29 14:37:12
BSA-012 Security Update for wordpress
2010-12-13 10:17:06
freebsd
freebsd
wordpress -- SQL injection vulnerability
2010-11-16 00:00:00
osv
osv
wordpress - SQL injection
2010-12-29 00:00:00
JSON
Related for WORDPRESS_3_0_2.NASL
nessus7openvas13patchstack5cve5ubuntucve5prion5wpvulndb4debiancve5securityvulns2fedora4debian4freebsd1osv1