Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.WORDPRESS_3_6_1.NASL
HistorySep 19, 2013 - 12:00 a.m.

WordPress < 3.6.1 Multiple Vulnerabilities

2013-09-1900:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29

0.106 Low

EPSS

Percentile

95.0%

JSON

According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities :

  • Unsafe PHP de-serialization could occur in limited situations and setups, which could lead to remote code execution. (CVE-2013-4338)

  • Open redirect/insufficient input validation could allow attackers to redirect users to a malicious website.
    (CVE-2013-4339)

  • A user with an Author role, using a specially crafted request, can forge a post that appears to be posted by another user. (CVE-2013-4340)

  • As a proactive measure to prevent cross-site scripting attacks, extensions .swf, .exe, .htm, and .html are filtered from file uploading. (CVE-2013-5738, CVE-2013-5739)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(69997);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id(
    "CVE-2013-4338",
    "CVE-2013-4339",
    "CVE-2013-4340",
    "CVE-2013-5738",
    "CVE-2013-5739"
  );
  script_bugtraq_id(
    62344,
    62345,
    62346,
    62421,
    62424,
    64453,
    64456
  );

  script_name(english:"WordPress < 3.6.1 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of WordPress.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its version number, the WordPress install hosted on the
remote web server is affected by multiple vulnerabilities :

  - Unsafe PHP de-serialization could occur in limited
    situations and setups, which could lead to remote code
    execution. (CVE-2013-4338)

  - Open redirect/insufficient input validation could allow
    attackers to redirect users to a malicious website.
    (CVE-2013-4339)

  - A user with an Author role, using a specially crafted
    request, can forge a post that appears to be posted by
    another user. (CVE-2013-4340)

  - As a proactive measure to prevent cross-site scripting
    attacks, extensions .swf, .exe, .htm, and .html are
    filtered from file uploading. (CVE-2013-5738,
    CVE-2013-5739)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://wordpress.org/news/2013/09/wordpress-3-6-1/");
  script_set_attribute(attribute:"see_also", value:"https://codex.wordpress.org/Version_3.6.1");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2013/Dec/174");
  # https://core.trac.wordpress.org/log/branches/3.6?stop_rev=24972&rev=25345
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?24ef6be5");
  script_set_attribute(attribute:"see_also", value:"https://core.trac.wordpress.org/changeset/25321");
  script_set_attribute(attribute:"see_also", value:"https://core.trac.wordpress.org/changeset/25322");
  script_set_attribute(attribute:"see_also", value:"https://core.trac.wordpress.org/changeset/25323");
  script_set_attribute(attribute:"see_also", value:"https://core.trac.wordpress.org/changeset/25324");
  script_set_attribute(attribute:"see_also", value:"https://core.trac.wordpress.org/changeset/25325");
  script_set_attribute(attribute:"solution", value:
"Upgrade to WordPress 3.6.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4339");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/19");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("wordpress_detect.nasl");
  script_require_keys("www/PHP", "installed_sw/WordPress", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "WordPress";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

install = get_single_install(
  app_name : app,
  port     : port,
  exit_if_unknown_ver : TRUE
);

dir = install['path'];
version = install['version'];
install_url = build_url(port:port, qs:dir);

if (report_paranoia < 2) audit(AUDIT_PARANOID);

ver = split(version, sep:".", keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

# Versions less than 3.6.1 are vulnerable
if (
  ver[0] < 3 ||
  (ver[0] == 3 && ver[1] < 6) ||
  (ver[0] == 3 && ver[1] == 6 && ver[2] < 1)
)
{
  set_kb_item(name:"www/"+port+"/XSS", value:TRUE);
  if (report_verbosity > 0)
  {
    report =
      '\n  URL               : ' +install_url+
      '\n  Installed version : ' +version+
      '\n  Fixed version     : 3.6.1\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
VendorProductVersionCPE
wordpresswordpresscpe:/a:wordpress:wordpress

Related

nessus 7
osv 1
openvas 11
freebsd 1
mageia 1
securityvulns 2
debian 1
fedora 6
ubuntucve 5
cve 5
prion 5
cvelist 5
wpvulndb 5
nvd 5
debiancve 5
patchstack 5
seebug 4
veracode 1
nessus
nessus
FreeBSD : wordpress -- multiple vulnerabilities (043d3a78-f245-4938-9bc7-3d0d35dd94bf)
2013-10-20 00:00:00
WordPress < 3.6.1 Multiple Vulnerabilities
2016-02-26 00:00:00
Debian DSA-2757-1 : wordpress - several vulnerabilities
2013-09-15 00:00:00
osv
osv
wordpress - several
2013-09-14 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0285)
2022-01-28 00:00:00
Debian Security Advisory DSA 2757-1 (wordpress - several vulnerabilities)
2013-09-14 00:00:00
Debian: Security Advisory (DSA-2757-1)
2013-09-13 00:00:00
freebsd
freebsd
wordpress -- multiple vulnerabilities
2013-09-11 00:00:00
mageia
mageia
Updated wordpress and php-phpmailer packages fix security vulnerabilities
2013-09-19 13:45:04
securityvulns
securityvulns
[ MDVSA-2013:239 ] wordpress
2013-10-02 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2013-10-02 00:00:00
debian
debian
[SECURITY] [DSA 2757-1] wordpress security update
2013-09-14 09:15:12
fedora
fedora
[SECURITY] Fedora 20 Update: wordpress-3.6.1-1.fc20
2013-09-26 06:04:23
[SECURITY] Fedora 19 Update: wordpress-3.6.1-1.fc19
2013-09-26 06:04:43
[SECURITY] Fedora 18 Update: wordpress-3.6.1-1.fc18
2013-09-27 00:41:16
ubuntucve
ubuntucve
CVE-2013-5738
2013-09-12 00:00:00
CVE-2013-5739
2013-09-12 00:00:00
CVE-2013-4338
2013-09-12 00:00:00
cve
cve
CVE-2013-5738
2013-09-12 13:30:13
CVE-2013-5739
2013-09-12 13:30:13
CVE-2013-4338
2013-09-12 13:28:37
prion
prion
Cross site scripting
2013-09-12 13:30:00
Cross site scripting
2013-09-12 13:30:00
Code injection
2013-09-12 13:28:00
cvelist
cvelist
CVE-2013-5738
2013-09-12 10:00:00
CVE-2013-5739
2013-09-12 10:00:00
CVE-2013-4338
2013-09-12 10:00:00
wpvulndb
wpvulndb
WordPress 3.6 - HTML File Upload Cross-Site Scripting (XSS)
2014-08-01 00:00:00
WordPress 3.6 - SWF/EXE File Upload Cross-Site Scripting (XSS)
2014-08-01 00:00:00
WordPress 3.6 - PHP Object Injection
2013-09-11 00:00:00
nvd
nvd
CVE-2013-5738
2013-09-12 13:30:13
CVE-2013-5739
2013-09-12 13:30:13
CVE-2013-4338
2013-09-12 13:28:37
debiancve
debiancve
CVE-2013-5739
2013-09-12 13:30:13
CVE-2013-5738
2013-09-12 13:30:13
CVE-2013-4340
2013-09-12 13:30:13
patchstack
patchstack
WordPress <= 3.6.0 - Cross Site Scripting #2
2013-09-11 00:00:00
WordPress <= 3.6.0 - Cross Site Scripting #1
2013-09-11 00:00:00
WordPress <= 3.6.0 - Arbitrary Code Execution
2013-06-12 00:00:00
seebug
seebug
WordPress get_allowed_mime_types函数(wp-includes/functions.php)存在跨站脚本漏洞
2013-09-16 00:00:00
WordPress 'is_serialized()'远程任意代码执行漏洞(CVE-2013-4338)
2013-09-16 00:00:00
WordPress /wp-admin/includes/post.php user_ID 参数操作权限提升漏洞
2013-09-16 00:00:00
veracode
veracode
Privilege Escalation
2017-08-04 07:28:46

0.106 Low

EPSS

Percentile

95.0%

JSON
Related for WORDPRESS_3_6_1.NASL
nessus7osv1openvas11freebsd1mageia1securityvulns2debian1fedora6ubuntucve5cve5prion5cvelist5wpvulndb5nvd5debiancve5patchstack5seebug4veracode1