ID WORDPRESS_3_3_1.NASL Type nessus Reporter Tenable Modified 2018-11-28T00:00:00
Description
According to its self-reported version number, the WordPress application running on the remote web server is 3.3.x prior to 3.3.1.
It is, therefore, affected by a cross-site scripting (XSS) vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(106378);
script_version("1.3");
script_cvs_date("Date: 2018/11/28 22:47:41");
script_cve_id("CVE-2012-0287");
script_bugtraq_id(51237);
script_name(english:"WordPress 3.3.x < 3.3.1 XSS Vulnerability");
script_summary(english:"Checks the version of WordPress.");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application that is
affected by a cross-site scripting (XSS) vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the WordPress
application running on the remote web server is 3.3.x prior to 3.3.1.
It is, therefore, affected by a cross-site scripting (XSS)
vulnerability. An unauthenticated, remote attacker can exploit this,
via a specially crafted request, to execute arbitrary script code in
a user's browser session.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://wordpress.org/news/2012/01/wordpress-3-3-1/");
script_set_attribute(attribute:"see_also", value:"https://codex.wordpress.org/Version_3.3.1");
script_set_attribute(attribute:"solution", value:
"Upgrade to WordPress version 3.3.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/03");
script_set_attribute(attribute:"patch_publication_date", value:"2012/01/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/26");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("wordpress_detect.nasl");
script_require_keys("www/PHP", "installed_sw/WordPress", "Settings/ParanoidReport");
script_require_ports("Services/www", 80, 443);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");
app = "WordPress";
get_install_count(app_name:app, exit_if_zero:TRUE);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = get_http_port(default:80, php:TRUE);
install = get_single_install(
app_name : app,
port : port,
exit_if_unknown_ver : TRUE
);
dir = install['path'];
version = install['version'];
install_url = build_url(port:port, qs:dir);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
ver[i] = int(ver[i]);
# Versions 3.3.x < 3.3.1 are affected.
if (
ver[0] == 3 && ver[1] == 3 && ver[2] < 1
)
{
report =
'\n URL : ' + install_url +
'\n Installed version : ' + version +
'\n Fixed version : 3.3.1' +
'\n';
security_report_v4(
severity : SECURITY_WARNING,
port : port,
extra : report,
xss : TRUE
);
exit(0);
}
audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
{"id": "WORDPRESS_3_3_1.NASL", "bulletinFamily": "scanner", "title": "WordPress 3.3.x < 3.3.1 XSS Vulnerability", "description": "According to its self-reported version number, the WordPress application running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS) vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2018-01-26T00:00:00", "modified": "2018-11-28T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=106378", "reporter": "Tenable", "references": ["https://codex.wordpress.org/Version_3.3.1", "https://wordpress.org/news/2012/01/wordpress-3-3-1/"], "cvelist": ["CVE-2012-0287"], "type": "nessus", "lastseen": "2019-02-21T01:36:10", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:wordpress:wordpress"], "cvelist": ["CVE-2012-0287"], "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "According to its self-reported version number, the WordPress application running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS) vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 1, "enchantments": {"score": {"modified": "2018-01-27T05:12:45", "value": 4.3}}, "hash": "ead53231a9c40ef20c5b70457ea12acb3b84c599521f79347271711c783e3467", "hashmap": [{"hash": "8b3f1f9b7b27bbf7238874e19f99e238", "key": "published"}, {"hash": "8b3f1f9b7b27bbf7238874e19f99e238", "key": "modified"}, {"hash": "fc381fd73f5a14c98a050b2d391a8804", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7de35a348a0562c7c2cac7b36eb3863d", "key": "cvss"}, {"hash": "190923394528350bb81871e6b571f394", "key": "references"}, {"hash": "1a7d9de977c769498bf0a4ce31fe2236", "key": "cpe"}, {"hash": "84e4cb10cbf435da0eaac2f8536f52ab", "key": "pluginID"}, {"hash": "796ee41255d09b67c71cf017ec3f5120", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "68bbbd150a8b8ad86861fa24c356088e", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "a7a7300002fbb0c8ab0cb16c8f7410bc", "key": "description"}, {"hash": "50bc9e467004fd0c962d3c3b67b07359", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106378", "id": "WORDPRESS_3_3_1.NASL", "lastseen": "2018-01-27T05:12:45", "modified": "2018-01-26T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "106378", "published": "2018-01-26T00:00:00", "references": ["https://codex.wordpress.org/Version_3.3.1", "https://wordpress.org/news/2012/01/wordpress-3-3-1/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106378);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2018/01/26 18:27:09 $\");\n\n script_cve_id(\"CVE-2012-0287\");\n script_bugtraq_id(51237);\n\n script_name(english:\"WordPress 3.3.x < 3.3.1 XSS Vulnerability\");\n script_summary(english:\"Checks the version of WordPress.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is\naffected by a cross-site scripting (XSS) vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the WordPress\napplication running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS)\nvulnerability. An unauthenticated, remote attacker can exploit this,\nvia a specially crafted request, to execute arbitrary script code in\na user's browser session.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/news/2012/01/wordpress-3-3-1/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_3.3.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WordPress version 3.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/WordPress\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nversion = install['version'];\ninstall_url = build_url(port:port, qs:dir);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Versions 3.3.x < 3.3.1 are affected.\nif (\n ver[0] == 3 && ver[1] == 3 && ver[2] < 1\n)\n{\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.3.1' +\n '\\n';\n security_report_v4(\n severity : SECURITY_WARNING,\n port : port,\n extra : report,\n xss : TRUE\n );\n exit(0);\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "title": "WordPress 3.3.x < 3.3.1 XSS Vulnerability", "type": "nessus", "viewCount": 3}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2018-01-27T05:12:45"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:wordpress:wordpress"], "cvelist": ["CVE-2012-0287"], "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "According to its self-reported version number, the WordPress application running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS) vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 2, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "a6df977ae1e258c81f211c074ccc9a1992351ad8403b3696c17625db2ecff301", "hashmap": [{"hash": "8b3f1f9b7b27bbf7238874e19f99e238", "key": "published"}, {"hash": "fc381fd73f5a14c98a050b2d391a8804", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a0550d8929a8d2440a7ab66382b13e88", "key": "modified"}, {"hash": "7de35a348a0562c7c2cac7b36eb3863d", "key": "cvss"}, {"hash": "190923394528350bb81871e6b571f394", "key": "references"}, {"hash": "1a7d9de977c769498bf0a4ce31fe2236", "key": "cpe"}, {"hash": "84e4cb10cbf435da0eaac2f8536f52ab", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "68bbbd150a8b8ad86861fa24c356088e", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "6d2f37b14aecbf5ab45980e4311dd205", "key": "sourceData"}, {"hash": "a7a7300002fbb0c8ab0cb16c8f7410bc", "key": "description"}, {"hash": "50bc9e467004fd0c962d3c3b67b07359", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106378", "id": "WORDPRESS_3_3_1.NASL", "lastseen": "2018-01-30T01:08:40", "modified": "2018-01-29T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "106378", "published": "2018-01-26T00:00:00", "references": ["https://codex.wordpress.org/Version_3.3.1", "https://wordpress.org/news/2012/01/wordpress-3-3-1/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106378);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2018/01/29 14:39:08 $\");\n\n script_cve_id(\"CVE-2012-0287\");\n script_bugtraq_id(51237);\n\n script_name(english:\"WordPress 3.3.x < 3.3.1 XSS Vulnerability\");\n script_summary(english:\"Checks the version of WordPress.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is\naffected by a cross-site scripting (XSS) vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the WordPress\napplication running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS)\nvulnerability. An unauthenticated, remote attacker can exploit this,\nvia a specially crafted request, to execute arbitrary script code in\na user's browser session.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/news/2012/01/wordpress-3-3-1/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_3.3.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WordPress version 3.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/WordPress\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nversion = install['version'];\ninstall_url = build_url(port:port, qs:dir);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Versions 3.3.x < 3.3.1 are affected.\nif (\n ver[0] == 3 && ver[1] == 3 && ver[2] < 1\n)\n{\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.3.1' +\n '\\n';\n security_report_v4(\n severity : SECURITY_WARNING,\n port : port,\n extra : report,\n xss : TRUE\n );\n exit(0);\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "title": "WordPress 3.3.x < 3.3.1 XSS Vulnerability", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-01-30T01:08:40"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:wordpress:wordpress"], "cvelist": ["CVE-2012-0287"], "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "According to its self-reported version number, the WordPress\napplication running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS)\nvulnerability. An unauthenticated, remote attacker can exploit this,\nvia a specially crafted request, to execute arbitrary script code in\na user's browser session.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:32:05", "references": [{"idList": ["FEDORA_2012-0247.NASL", "FEDORA_2012-0248.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310863685", "OPENVAS:1361412562310864035", "OPENVAS:863685", "OPENVAS:864035"], "type": "openvas"}, {"idList": ["CVE-2012-0287"], "type": "cve"}]}, "score": {"value": 4.3, "vector": "NONE"}}, "hash": "b483221f835c592b105a2f683889b00bc467a38d3bcd3953da428df9f83cc9dd", "hashmap": [{"hash": "ff5e063e92d97444670c3d707157d132", "key": "description"}, {"hash": "8b3f1f9b7b27bbf7238874e19f99e238", "key": "published"}, {"hash": "ee3c0d1f77a44ea235670c06972c0215", "key": "sourceData"}, {"hash": "fc381fd73f5a14c98a050b2d391a8804", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7de35a348a0562c7c2cac7b36eb3863d", "key": "cvss"}, {"hash": "190923394528350bb81871e6b571f394", "key": "references"}, {"hash": "1a7d9de977c769498bf0a4ce31fe2236", "key": "cpe"}, {"hash": "84e4cb10cbf435da0eaac2f8536f52ab", "key": "pluginID"}, {"hash": "460b12446c99e9f96de9e7fe92f5d167", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "68bbbd150a8b8ad86861fa24c356088e", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "50bc9e467004fd0c962d3c3b67b07359", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106378", "id": "WORDPRESS_3_3_1.NASL", "lastseen": "2019-01-16T20:32:05", "modified": "2018-11-28T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "106378", "published": "2018-01-26T00:00:00", "references": ["https://codex.wordpress.org/Version_3.3.1", "https://wordpress.org/news/2012/01/wordpress-3-3-1/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106378);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/28 22:47:41\");\n\n script_cve_id(\"CVE-2012-0287\");\n script_bugtraq_id(51237);\n\n script_name(english:\"WordPress 3.3.x < 3.3.1 XSS Vulnerability\");\n script_summary(english:\"Checks the version of WordPress.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is\naffected by a cross-site scripting (XSS) vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the WordPress\napplication running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS)\nvulnerability. An unauthenticated, remote attacker can exploit this,\nvia a specially crafted request, to execute arbitrary script code in\na user's browser session.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/news/2012/01/wordpress-3-3-1/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_3.3.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WordPress version 3.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/WordPress\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nversion = install['version'];\ninstall_url = build_url(port:port, qs:dir);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Versions 3.3.x < 3.3.1 are affected.\nif (\n ver[0] == 3 && ver[1] == 3 && ver[2] < 1\n)\n{\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.3.1' +\n '\\n';\n security_report_v4(\n severity : SECURITY_WARNING,\n port : port,\n extra : report,\n xss : TRUE\n );\n exit(0);\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "title": "WordPress 3.3.x < 3.3.1 XSS Vulnerability", "type": "nessus", "viewCount": 3}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:32:05"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:wordpress:wordpress"], "cvelist": ["CVE-2012-0287"], "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "According to its self-reported version number, the WordPress application running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS) vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 4, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "a6df977ae1e258c81f211c074ccc9a1992351ad8403b3696c17625db2ecff301", "hashmap": [{"hash": "8b3f1f9b7b27bbf7238874e19f99e238", "key": "published"}, {"hash": "fc381fd73f5a14c98a050b2d391a8804", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a0550d8929a8d2440a7ab66382b13e88", "key": "modified"}, {"hash": "7de35a348a0562c7c2cac7b36eb3863d", "key": "cvss"}, {"hash": "190923394528350bb81871e6b571f394", "key": "references"}, {"hash": "1a7d9de977c769498bf0a4ce31fe2236", "key": "cpe"}, {"hash": "84e4cb10cbf435da0eaac2f8536f52ab", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "68bbbd150a8b8ad86861fa24c356088e", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "6d2f37b14aecbf5ab45980e4311dd205", "key": "sourceData"}, {"hash": "a7a7300002fbb0c8ab0cb16c8f7410bc", "key": "description"}, {"hash": "50bc9e467004fd0c962d3c3b67b07359", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106378", "id": "WORDPRESS_3_3_1.NASL", "lastseen": "2018-09-01T23:59:02", "modified": "2018-01-29T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "106378", "published": "2018-01-26T00:00:00", "references": ["https://codex.wordpress.org/Version_3.3.1", "https://wordpress.org/news/2012/01/wordpress-3-3-1/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106378);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2018/01/29 14:39:08 $\");\n\n script_cve_id(\"CVE-2012-0287\");\n script_bugtraq_id(51237);\n\n script_name(english:\"WordPress 3.3.x < 3.3.1 XSS Vulnerability\");\n script_summary(english:\"Checks the version of WordPress.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is\naffected by a cross-site scripting (XSS) vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the WordPress\napplication running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS)\nvulnerability. An unauthenticated, remote attacker can exploit this,\nvia a specially crafted request, to execute arbitrary script code in\na user's browser session.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/news/2012/01/wordpress-3-3-1/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_3.3.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WordPress version 3.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/WordPress\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nversion = install['version'];\ninstall_url = build_url(port:port, qs:dir);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Versions 3.3.x < 3.3.1 are affected.\nif (\n ver[0] == 3 && ver[1] == 3 && ver[2] < 1\n)\n{\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.3.1' +\n '\\n';\n security_report_v4(\n severity : SECURITY_WARNING,\n port : port,\n extra : report,\n xss : TRUE\n );\n exit(0);\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "title": "WordPress 3.3.x < 3.3.1 XSS Vulnerability", "type": "nessus", "viewCount": 3}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:59:02"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:wordpress:wordpress"], "cvelist": ["CVE-2012-0287"], "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "According to its self-reported version number, the WordPress application running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS) vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 5, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "e26d42db099be58e52bba0d5c0fed014c6bd09f8f07254f5edbc7dd4c511e7f8", "hashmap": [{"hash": "8b3f1f9b7b27bbf7238874e19f99e238", "key": "published"}, {"hash": "ee3c0d1f77a44ea235670c06972c0215", "key": "sourceData"}, {"hash": "fc381fd73f5a14c98a050b2d391a8804", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7de35a348a0562c7c2cac7b36eb3863d", "key": "cvss"}, {"hash": "190923394528350bb81871e6b571f394", "key": "references"}, {"hash": "1a7d9de977c769498bf0a4ce31fe2236", "key": "cpe"}, {"hash": "84e4cb10cbf435da0eaac2f8536f52ab", "key": "pluginID"}, {"hash": "460b12446c99e9f96de9e7fe92f5d167", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "68bbbd150a8b8ad86861fa24c356088e", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "a7a7300002fbb0c8ab0cb16c8f7410bc", "key": "description"}, {"hash": "50bc9e467004fd0c962d3c3b67b07359", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106378", "id": "WORDPRESS_3_3_1.NASL", "lastseen": "2018-11-29T19:37:11", "modified": "2018-11-28T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "106378", "published": "2018-01-26T00:00:00", "references": ["https://codex.wordpress.org/Version_3.3.1", "https://wordpress.org/news/2012/01/wordpress-3-3-1/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106378);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/28 22:47:41\");\n\n script_cve_id(\"CVE-2012-0287\");\n script_bugtraq_id(51237);\n\n script_name(english:\"WordPress 3.3.x < 3.3.1 XSS Vulnerability\");\n script_summary(english:\"Checks the version of WordPress.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is\naffected by a cross-site scripting (XSS) vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the WordPress\napplication running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS)\nvulnerability. An unauthenticated, remote attacker can exploit this,\nvia a specially crafted request, to execute arbitrary script code in\na user's browser session.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/news/2012/01/wordpress-3-3-1/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_3.3.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WordPress version 3.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/WordPress\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nversion = install['version'];\ninstall_url = build_url(port:port, qs:dir);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Versions 3.3.x < 3.3.1 are affected.\nif (\n ver[0] == 3 && ver[1] == 3 && ver[2] < 1\n)\n{\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.3.1' +\n '\\n';\n security_report_v4(\n severity : SECURITY_WARNING,\n port : port,\n extra : report,\n xss : TRUE\n );\n exit(0);\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "title": "WordPress 3.3.x < 3.3.1 XSS Vulnerability", "type": "nessus", "viewCount": 3}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-11-29T19:37:11"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:wordpress:wordpress"], "cvelist": ["CVE-2012-0287"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "According to its self-reported version number, the WordPress application running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS) vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 3, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "e809ac4d51a540b21478bf4b273ac00d488a0bc485acd0d995fd7d6f29684f53", "hashmap": [{"hash": "8b3f1f9b7b27bbf7238874e19f99e238", "key": "published"}, {"hash": "fc381fd73f5a14c98a050b2d391a8804", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a0550d8929a8d2440a7ab66382b13e88", "key": "modified"}, {"hash": "190923394528350bb81871e6b571f394", "key": "references"}, {"hash": "1a7d9de977c769498bf0a4ce31fe2236", "key": "cpe"}, {"hash": "84e4cb10cbf435da0eaac2f8536f52ab", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "68bbbd150a8b8ad86861fa24c356088e", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "6d2f37b14aecbf5ab45980e4311dd205", "key": "sourceData"}, {"hash": "a7a7300002fbb0c8ab0cb16c8f7410bc", "key": "description"}, {"hash": "50bc9e467004fd0c962d3c3b67b07359", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106378", "id": "WORDPRESS_3_3_1.NASL", "lastseen": "2018-08-30T19:51:09", "modified": "2018-01-29T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "106378", "published": "2018-01-26T00:00:00", "references": ["https://codex.wordpress.org/Version_3.3.1", "https://wordpress.org/news/2012/01/wordpress-3-3-1/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106378);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2018/01/29 14:39:08 $\");\n\n script_cve_id(\"CVE-2012-0287\");\n script_bugtraq_id(51237);\n\n script_name(english:\"WordPress 3.3.x < 3.3.1 XSS Vulnerability\");\n script_summary(english:\"Checks the version of WordPress.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is\naffected by a cross-site scripting (XSS) vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the WordPress\napplication running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS)\nvulnerability. An unauthenticated, remote attacker can exploit this,\nvia a specially crafted request, to execute arbitrary script code in\na user's browser session.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/news/2012/01/wordpress-3-3-1/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_3.3.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WordPress version 3.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/WordPress\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nversion = install['version'];\ninstall_url = build_url(port:port, qs:dir);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Versions 3.3.x < 3.3.1 are affected.\nif (\n ver[0] == 3 && ver[1] == 3 && ver[2] < 1\n)\n{\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.3.1' +\n '\\n';\n security_report_v4(\n severity : SECURITY_WARNING,\n port : port,\n extra : report,\n xss : TRUE\n );\n exit(0);\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "title": "WordPress 3.3.x < 3.3.1 XSS Vulnerability", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:51:09"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "1a7d9de977c769498bf0a4ce31fe2236"}, {"key": "cvelist", "hash": "fc381fd73f5a14c98a050b2d391a8804"}, {"key": "cvss", "hash": "7de35a348a0562c7c2cac7b36eb3863d"}, {"key": "description", "hash": "a7a7300002fbb0c8ab0cb16c8f7410bc"}, {"key": "href", "hash": "68bbbd150a8b8ad86861fa24c356088e"}, {"key": "modified", "hash": "460b12446c99e9f96de9e7fe92f5d167"}, {"key": "naslFamily", "hash": "07948b8ff59e8dda0b01012f70f00327"}, {"key": "pluginID", "hash": "84e4cb10cbf435da0eaac2f8536f52ab"}, {"key": "published", "hash": "8b3f1f9b7b27bbf7238874e19f99e238"}, {"key": "references", "hash": "190923394528350bb81871e6b571f394"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "ee3c0d1f77a44ea235670c06972c0215"}, {"key": "title", "hash": "50bc9e467004fd0c962d3c3b67b07359"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "e26d42db099be58e52bba0d5c0fed014c6bd09f8f07254f5edbc7dd4c511e7f8", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0287"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310863685", "OPENVAS:864035", "OPENVAS:863685", "OPENVAS:1361412562310864035"]}, {"type": "nessus", "idList": ["FEDORA_2012-0248.NASL", "FEDORA_2012-0247.NASL"]}], "modified": "2019-02-21T01:36:10"}, "score": {"value": 4.3, "vector": "NONE"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106378);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/28 22:47:41\");\n\n script_cve_id(\"CVE-2012-0287\");\n script_bugtraq_id(51237);\n\n script_name(english:\"WordPress 3.3.x < 3.3.1 XSS Vulnerability\");\n script_summary(english:\"Checks the version of WordPress.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is\naffected by a cross-site scripting (XSS) vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the WordPress\napplication running on the remote web server is 3.3.x prior to 3.3.1.\nIt is, therefore, affected by a cross-site scripting (XSS)\nvulnerability. An unauthenticated, remote attacker can exploit this,\nvia a specially crafted request, to execute arbitrary script code in\na user's browser session.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/news/2012/01/wordpress-3-3-1/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://codex.wordpress.org/Version_3.3.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WordPress version 3.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/WordPress\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nversion = install['version'];\ninstall_url = build_url(port:port, qs:dir);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Versions 3.3.x < 3.3.1 are affected.\nif (\n ver[0] == 3 && ver[1] == 3 && ver[2] < 1\n)\n{\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.3.1' +\n '\\n';\n security_report_v4(\n severity : SECURITY_WARNING,\n port : port,\n extra : report,\n xss : TRUE\n );\n exit(0);\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "naslFamily": "CGI abuses", "pluginID": "106378", "cpe": ["cpe:/a:wordpress:wordpress"], "scheme": null}
{"cve": [{"lastseen": "2016-09-03T16:08:52", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the \"Duplicate comment detected\" feature.", "modified": "2012-10-11T23:24:15", "published": "2012-01-05T23:01:26", "id": "CVE-2012-0287", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0287", "type": "cve", "title": "CVE-2012-0287", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2019-03-18T14:42:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-01-20T00:00:00", "id": "OPENVAS:1361412562310863685", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863685", "title": "Fedora Update for wordpress FEDORA-2012-0247", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2012-0247\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072064.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863685\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-20 10:58:28 +0530 (Fri, 20 Jan 2012)\");\n script_cve_id(\"CVE-2012-0287\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-0247\");\n script_name(\"Fedora Update for wordpress FEDORA-2012-0247\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wordpress'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"wordpress on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~3.3.1~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:59", "bulletinFamily": "scanner", "description": "Check for the Version of wordpress", "modified": "2017-12-28T00:00:00", "published": "2012-01-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863685", "id": "OPENVAS:863685", "title": "Fedora Update for wordpress FEDORA-2012-0247", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2012-0247\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"wordpress on Fedora 15\";\ntag_insight = \"Wordpress is an online publishing / weblog package that makes it very easy,\n almost trivial, to get information out to people on the web.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072064.html\");\n script_id(863685);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-20 10:58:28 +0530 (Fri, 20 Jan 2012)\");\n script_cve_id(\"CVE-2012-0287\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-0247\");\n script_name(\"Fedora Update for wordpress FEDORA-2012-0247\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wordpress\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~3.3.1~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-03-18T14:41:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310864035", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864035", "title": "Fedora Update for wordpress FEDORA-2012-0248", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2012-0248\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072052.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864035\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:04:17 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0287\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-0248\");\n script_name(\"Fedora Update for wordpress FEDORA-2012-0248\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wordpress'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"wordpress on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~3.3.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-06T13:07:52", "bulletinFamily": "scanner", "description": "Check for the Version of wordpress", "modified": "2018-01-05T00:00:00", "published": "2012-04-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864035", "id": "OPENVAS:864035", "title": "Fedora Update for wordpress FEDORA-2012-0248", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for wordpress FEDORA-2012-0248\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"wordpress on Fedora 16\";\ntag_insight = \"Wordpress is an online publishing / weblog package that makes it very easy,\n almost trivial, to get information out to people on the web.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072052.html\");\n script_id(864035);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:04:17 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0287\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-0248\");\n script_name(\"Fedora Update for wordpress FEDORA-2012-0248\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of wordpress\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"wordpress\", rpm:\"wordpress~3.3.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-02-21T01:15:52", "bulletinFamily": "scanner", "description": "Upgrade to the upstream latest release, fixing also CVE-2012-0287\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2012-0248.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57566", "published": "2012-01-17T00:00:00", "title": "Fedora 16 : wordpress-3.3.1-1.fc16 (2012-0248)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0248.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57566);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-0287\");\n script_bugtraq_id(51237);\n script_xref(name:\"FEDORA\", value:\"2012-0248\");\n\n script_name(english:\"Fedora 16 : wordpress-3.3.1-1.fc16 (2012-0248)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to the upstream latest release, fixing also CVE-2012-0287\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=771730\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072052.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2eeddf76\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"wordpress-3.3.1-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:15:52", "bulletinFamily": "scanner", "description": "Upgrade to the upstream latest release, fixing also CVE-2012-0287\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2012-0247.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57565", "published": "2012-01-17T00:00:00", "title": "Fedora 15 : wordpress-3.3.1-1.fc15 (2012-0247)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0247.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57565);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-0287\");\n script_bugtraq_id(51237);\n script_xref(name:\"FEDORA\", value:\"2012-0247\");\n\n script_name(english:\"Fedora 15 : wordpress-3.3.1-1.fc15 (2012-0247)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to the upstream latest release, fixing also CVE-2012-0287\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=771730\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072064.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1e50b97b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"wordpress-3.3.1-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
