Source: nessus | This script is Copyright (C) 2013-2021 Tenable Network Security, Inc. | WORDPRESS_3_5_2.NASL
History: Jun 28, 2013 - 12:00 a.m.

WordPress < 3.5.2 Multiple Vulnerabilities

2013-06-28 00:00:00
This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.
www.tenable.com

According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities :

  • The application is affected by a denial of service vulnerability affecting sites that use password-protected posts.
    (CVE-2013-2173)

  • The application is affected by a server-side request forgery vulnerability. This vulnerability can be used to gain access to a site. (CVE-2013-2199)

  • A privilege escalation vulnerability exists that allows contributors to publish posts and users to reassign authorship. (CVE-2013-2200)

  • A cross-site scripting vulnerability exists related to uploading media. (CVE-2013-2201)

  • An XML External Entity Injection (XXE) vulnerability exists in ‘oEmbed’. (CVE-2013-2202)

  • A vulnerability exists disclosing a full file path related to file upload. (CVE-2013-2203)

  • A cross-site scripting vulnerability exists related to the ‘TinyMCE’ library. (CVE-2013-2204)

  • The application is affected by a cross-site scripting vulnerability in the ‘SWFUpload’ library.
    (CVE-2013-2205)

  • Cross-site scripting vulnerabilities exist in the ‘post.php’ script relating to the ‘excerpt’ and ‘content’ parameters.

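Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number. The plugin code below reports only when paranoid reporting is enabled (it stops with AUDIT_PARANOID when report_paranoia is below 2); a version-string match is an indication to verify, not proof of exposure.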

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration branch: when the `description` flag is set the script only
# declares its metadata (IDs, references, text, scoring, dependencies) and
# then leaves through exit(0) at the end of the block, so none of the
# detection logic further down runs in this mode.
if (description)
{
  script_id(67021);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  # Eight CVE identifiers are registered. The last item of the description
  # text (XSS in 'post.php' via 'excerpt' / 'content') carries no CVE here.
 script_cve_id(
    "CVE-2013-2173",
    "CVE-2013-2199",
    "CVE-2013-2200",
    "CVE-2013-2201",
    "CVE-2013-2202",
    "CVE-2013-2203",
    "CVE-2013-2204",
    "CVE-2013-2205"
 );
  # Nine Bugtraq IDs are listed against the eight CVEs above.
 script_bugtraq_id(
   60477,
   60757,
   60758,
   60759,
   60770,
   60775,
   60781,
   60825,
   60892
 );

  script_name(english:"WordPress < 3.5.2 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of WordPress.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application that is affected by
multiple vulnerabilities.");
  # The description text itself states that nothing was actively tested:
  # the finding rests on the version the application reports about itself.
  script_set_attribute(attribute:"description", value:
"According to its version number, the WordPress install hosted on the
remote web server is affected by multiple vulnerabilities :

  - The application contains a denial of service attack,
    affecting sites using password-protected posts.
    (CVE-2013-2173)

  - The application is affected by a server-side request
    forgery vulnerability. This vulnerability can be used
    to gain access to a site. (CVE-2013-2199)

  - A privilege escalation vulnerability exists that allows
    contributors to publish posts and users to reassign
    authorship. (CVE-2013-2200)

  - A cross-site scripting vulnerability exists related to
    uploading media. (CVE-2013-2201)

  - A XML External Entity Injection (XXE) vulnerability
    exists in 'oEmbed'. (CVE-2013-2202)

  - A vulnerability exists disclosing a full file path
    related to file upload. (CVE-2013-2203)

  - A cross-site scripting vulnerability exists related
    to 'TinyMCE' library. (CVE-2013-2204)

  - The application is affected by a cross-site scripting
    vulnerability in the 'SWFUpload' library.
    (CVE-2013-2205)

  - Cross-site scripting vulnerabilities exist in the
    'post.php' script relating to the 'excerpt' and
    'content' parameters.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://wordpress.org/news/2013/06/wordpress-3-5-2/");
  script_set_attribute(attribute:"see_also", value:"https://codex.wordpress.org/Version_3.5.2");
  # https://core.trac.wordpress.org/log/branches/3.5?rev=24498&stop_rev=23347
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?af0aeb24");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2013/Jul/7");
  script_set_attribute(attribute:"solution", value:"Upgrade to WordPress 3.5.2 or later.");
  # One CVSSv2 vector is set for the whole plugin: network access, medium
  # complexity, no authentication, partial integrity impact, and no
  # confidentiality or availability impact. It is a single score for a
  # finding that bundles a DoS, an SSRF and a privilege escalation as well
  # as the XSS issues, so per-CVE scoring should be consulted when
  # prioritising remediation.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/28");

  # Marked as a potential vulnerability, in line with the description's
  # statement that the result is inferred from the version string only.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");

  # Relies on wordpress_detect.nasl for the install data and lists
  # "Settings/ParanoidReport" among the required keys; the detection code
  # also checks report_paranoia itself before reporting.
  script_dependencies("wordpress_detect.nasl");
  script_require_keys("www/PHP", "installed_sw/WordPress", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80);

  # Metadata only: stop here so the checks below are not executed.
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

# Version-based check for WordPress < 3.5.2.
# Nothing is sent to the target beyond what detection already collected:
# the verdict comes from the stored install record (path and version).
app = "WordPress";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

# A single install is selected; an install without a known version ends
# the run here (exit_if_unknown_ver).
install = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);

dir = install['path'];
version = install['version'];
install_url = build_url(port:port, qs:dir);

# Paranoia gate: below level 2 the plugin audits out instead of reporting,
# because a self-reported version is the only evidence available.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# Break the dotted version into integer components.
parts = split(version, sep:".", keep:FALSE);
count = max_index(parts);
idx = 0;
while (idx < count)
{
  parts[idx] = int(parts[idx]);
  idx++;
}

# Anything older than 3.5.2 is treated as affected.
# NOTE(review): a version with fewer than three components leaves
# parts[1] / parts[2] unset; the comparison appears to rely on an unset
# element comparing as lower than the fixed component (so "3.5" is
# reported) - confirm against the NASL interpreter in use.
affected = FALSE;
if (parts[0] < 3) affected = TRUE;
else if (parts[0] == 3)
{
  if (parts[1] < 5) affected = TRUE;
  else if (parts[1] == 5 && parts[2] < 2) affected = TRUE;
}

# audit() is expected to end the script, as the paranoia gate above
# already relies on, so only affected installs continue past this line.
if (!affected) audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);

# Only the XSS flag is recorded in the knowledge base for this port, even
# though the advisory text covers other issue classes as well.
set_kb_item(name:"www/"+port+"/XSS", value:TRUE);

if (report_verbosity <= 0) security_warning(port);
else
{
  report =
    '\n  URL               : ' +install_url+
    '\n  Installed version : ' +version+
    '\n  Fixed version     : 3.5.2\n';
  security_warning(port:port, extra:report);
}
VendorProductVersionCPE
wordpresswordpresscpe:/a:wordpress:wordpress