Lucene search
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WORDPRESS_3_0_4.NASLHistoryJan 24, 2018 - 12:00 a.m.
WordPress < 3.0.4 Multiple XSS Vulnerabilities
2018-01-2400:00:00
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.013 Low
EPSS
Percentile
86.1%
According to its self-reported version number, the WordPress application running on the remote web server is prior to 3.0.4.
It is, therefore, affected by multiple cross-site scripting (XSS) vulnerabilities in KSES. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user’s browser session.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(106306);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");
script_cve_id("CVE-2010-4536");
script_bugtraq_id(45620);
script_name(english:"WordPress < 3.0.4 Multiple XSS Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application that is
affected by multiple cross-site scripting (XSS) vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the WordPress
application running on the remote web server is prior to 3.0.4.
It is, therefore, affected by multiple cross-site scripting (XSS)
vulnerabilities in KSES. An unauthenticated, remote attacker can
exploit this, via a specially crafted request, to execute arbitrary
script code in a user's browser session.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://wordpress.org/news/2010/12/3-0-4-update/");
script_set_attribute(attribute:"see_also", value:"https://codex.wordpress.org/Version_3.0.4");
script_set_attribute(attribute:"solution", value:
"Upgrade to WordPress version 3.0.4 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/12/29");
script_set_attribute(attribute:"patch_publication_date", value:"2010/12/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/24");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("wordpress_detect.nasl");
script_require_keys("www/PHP", "installed_sw/WordPress", "Settings/ParanoidReport");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80, 443);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");
app = "WordPress";
get_install_count(app_name:app, exit_if_zero:TRUE);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = get_http_port(default:80, php:TRUE);
install = get_single_install(
app_name : app,
port : port,
exit_if_unknown_ver : TRUE
);
dir = install['path'];
version = install['version'];
install_url = build_url(port:port, qs:dir);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
ver[i] = int(ver[i]);
# Versions < 3.0.4 are affected.
if (
ver[0] < 3 ||
(ver[0] == 3 && ver[1] == 0 && ver[2] < 4)
)
{
report =
'\n URL : ' + install_url +
'\n Installed version : ' + version +
'\n Fixed version : 3.0.4' +
'\n';
security_report_v4(
severity : SECURITY_WARNING,
port : port,
extra : report,
xss : TRUE
);
exit(0);
}
audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
Related
openvas
openvas
Fedora Update for wordpress FEDORA-2011-0306
2011-01-21 00:00:00
Fedora Update for wordpress FEDORA-2011-0306
2011-01-21 00:00:00
WordPress KSES Library Cross Site Scripting Vulnerability
2011-01-12 00:00:00
ubuntucve
ubuntucve
CVE-2010-4536
2011-01-03 00:00:00
nvd
nvd
CVE-2010-4536
2011-01-03 20:00:43
cve
cve
CVE-2010-4536
2011-01-03 20:00:43
cvelist
cvelist
CVE-2010-4536
2011-01-03 19:26:00
fedora
fedora
[SECURITY] Fedora 14 Update: wordpress-2.8.6-4.fc14
2011-01-19 21:10:25
[SECURITY] Fedora 13 Update: wordpress-2.8.6-4.fc13
2011-01-19 21:11:25
nessus
nessus
Fedora 14 : wordpress-2.8.6-4.fc14 (2011-0315)
2011-01-20 00:00:00
Fedora 13 : wordpress-2.8.6-4.fc13 (2011-0306)
2011-01-20 00:00:00
prion
prion
Cross site scripting
2011-01-03 20:00:00
debiancve
debiancve
CVE-2010-4536
2011-01-03 20:00:43
patchstack
patchstack
WordPress <= 3.0.3 - Multiple XSS
2010-12-09 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.013 Low
EPSS
Percentile
86.1%
Related for WORDPRESS_3_0_4.NASL