Lucene search

K
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WORDPRESS_5_1_1.NASL
HistoryMar 14, 2019 - 12:00 a.m.

WordPress < 5.1.1 Multiple Vulnerabilities

2019-03-1400:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.837 High

EPSS

Percentile

98.5%

According to its self-reported version number, the WordPress application running on the remote web server is affected by multiple vulnerabilities:

  • A cross-site request forgery (XSRF) vulnerability exists in the comment form due to improper validation. A remote attacker can exploit this by tricking a user into visiting a specially crafted web page, allowing the attacker to create comments on the administrator’s behalf. (CVE-2019-9787)

  • A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user’s browser session.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(122823);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/14");

  script_cve_id("CVE-2019-9787");
  script_bugtraq_id(107411);

  script_name(english:"WordPress < 5.1.1 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A PHP application running on the remote web server is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the WordPress
application running on the remote web server is affected by 
multiple vulnerabilities:

  - A cross-site request forgery (XSRF) vulnerability
    exists in the comment form due to improper validation. A
    remote attacker can exploit this by tricking a user into
    visiting a specially crafted web page, allowing the
    attacker to create comments on the administrator's
    behalf. (CVE-2019-9787)

  - A cross-site scripting (XSS) vulnerability exists due
    to improper validation of user-supplied input before
    returning it to users. An unauthenticated, remote
    attacker can exploit this, by convincing a user to
    click a specially crafted URL, to execute arbitrary
    script code in a user's browser session.");
  # https://wordpress.org/support/wordpress-version/version-5-1-1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?34dc1be1");
  script_set_attribute(attribute:"solution", value:
"Upgrade to WordPress version 5.1.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9787");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/14");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("wordpress_detect.nasl");
  script_require_keys("www/PHP", "installed_sw/WordPress", "Settings/ParanoidReport");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}

include("vcf.inc");
include("http.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

app = "WordPress";
port = get_http_port(default:80, php:TRUE);

app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);
vcf::check_granularity(app_info:app_info, sig_segments:2);

# Per https://wordpress.org/download/release-archive/
# only 5.1.1 is supported but fix is backported to 3.9
constraints = [
  { "fixed_version":"3.9.27", "fixed_display" : "3.9.27 / 5.1.1" },
  { "min_version":"4.0", "fixed_version":"4.0.26", "fixed_display" : "4.0.26 / 5.1.1" },
  { "min_version":"4.1", "fixed_version":"4.1.26", "fixed_display" : "4.1.26 / 5.1.1" },
  { "min_version":"4.2", "fixed_version":"4.2.23", "fixed_display" : "4.2.23 / 5.1.1" },
  { "min_version":"4.3", "fixed_version":"4.3.19", "fixed_display" : "4.3.19 / 5.1.1" },
  { "min_version":"4.4", "fixed_version":"4.4.18", "fixed_display" : "4.4.18 / 5.1.1" },
  { "min_version":"4.5", "fixed_version":"4.5.17", "fixed_display" : "4.5.17 / 5.1.1" },
  { "min_version":"4.6", "fixed_version":"4.6.14", "fixed_display" : "4.6.14 / 5.1.1" },
  { "min_version":"4.7", "fixed_version":"4.7.13", "fixed_display" : "4.7.13 / 5.1.1" },
  { "min_version":"4.8", "fixed_version":"4.8.9",  "fixed_display" : "4.8.9 / 5.1.1" },
  { "min_version":"4.9", "fixed_version":"4.9.10", "fixed_display" : "4.9.10 / 5.1.1" },
  { "min_version":"5.0", "fixed_version":"5.0.4", "fixed_display" : "5.0.4 / 5.1.1" },
  { "min_version":"5.1", "fixed_version":"5.1.1" }
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING,
  flags:{xss:TRUE, xsrf:TRUE}
);
VendorProductVersionCPE
wordpresswordpresscpe:/a:wordpress:wordpress

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.837 High

EPSS

Percentile

98.5%