openvas | Copyright (C) 2024 Greenbone AG | OPENVAS:1361412562310128033
History: Jul 30, 2024 - 12:00 a.m.

WordPress Multiple Vulnerabilities (June 2024) - Linux

2024-07-30 00:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
15
wordpress
vulnerability
relative path traversal
update
version 4.1.41
version 4.2.38
version 4.3.34
version 4.4.33
version 4.5.32
version 4.6.29
version 4.7.29
version 4.8.25
version 4.9.26
version 5.0.22

CVSS3

5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

5.3

Confidence

High

WordPress is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# CPE of the product this check targets; the detection code further down
# passes it to get_app_port() and get_app_version_and_location().
CPE = "cpe:/a:wordpress:wordpress";

# Description phase: registers the check's metadata (OID, scoring, CVE,
# dependencies, report texts) and then exits without touching the target.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.128033");
  script_version("2024-08-01T05:05:42+0000");
  script_tag(name:"last_modification", value:"2024-08-01 05:05:42 +0000 (Thu, 01 Aug 2024)");
  script_tag(name:"creation_date", value:"2024-07-30 10:00:00 +0000 (Tue, 30 Jul 2024)");
  # The score and vector below are in CVSS v2 notation (note the "Au:" metric).
  script_tag(name:"cvss_base", value:"4.6");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:S/C:P/I:P/A:P");

  # NOTE(review): the script name says "Multiple Vulnerabilities", but only
  # this one CVE is registered here and listed in the "insight" text.
  script_cve_id("CVE-2024-32111");

  # The finding rests on a version string obtained remotely and compared
  # against fixed releases; no exploitability test is performed, so a host
  # carrying a backported fix under an old version number can still be
  # reported. Treat results as "needs confirmation".
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("WordPress Multiple Vulnerabilities (June 2024) - Linux");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Web application abuses");
  # Depends on the WordPress HTTP detection and the OS detection scripts;
  # the mandatory keys restrict the check to hosts where WordPress was
  # detected and the OS was classified as Unix-like.
  script_dependencies("gb_wordpress_http_detect.nasl", "os_detection.nasl");
  script_mandatory_keys("wordpress/detected", "Host/runs_unixoide");

  script_tag(name:"summary", value:"WordPress is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  # NOTE(review): 'Automatic WordPress' in the text below presumably means
  # the vendor name 'Automattic' - confirm against the CVE record.
  script_tag(name:"insight", value:"The following flaws exist:

  - CVE-2024-32111: Improper limitation of a pathname to a restricted directory vulnerability in
  'Automatic WordPress' allows Relative Path Traversal.");

  # "6.5.4 and prior" means the last release of every maintained branch
  # before its fix (4.1.40, ..., 6.5.4) has to be reported by the version
  # comparison that follows this block.
  script_tag(name:"affected", value:"WordPress version 6.5.4 and prior.");

  script_tag(name:"solution", value:"Update to version 4.1.41, 4.2.38, 4.3.34, 4.4.33, 4.5.32,
  4.6.29, 4.7.29, 4.8.25, 4.9.26, 5.0.22, 5.1.19, 5.2.21, 5.3.18, 5.4.16, 5.5.15, 5.6.14, 5.7.12,
  5.8.10, 5.9.10, 6.0.9, 6.1.7, 6.2.6, 6.3.5, 6.4.5, 6.5.5 or later");

  script_xref(name:"URL", value:"https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-core/wordpress-core-655-authenticated-contributor-directory-traversal?asset_slug=wordpress");
  script_xref(name:"URL", value:"https://wordpress.org/news/2024/06/wordpress-6-5-5/");

  # End of the description phase.
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

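# Detection phase: compare the detected WordPress version against the fixed
# release of every maintained branch and report the first match.
#
# Each branch is tested as the half-open range [branch start, fixed release):
# version_in_range_exclusive() does not match its upper bound, so the upper
# bound must be the fixed release itself. Using the last vulnerable release
# (e.g. "6.5.4") as the upper bound would leave exactly that release
# unreported, although the check documents "6.5.4 and prior" as affected.
# NOTE(review): the lower bound is assumed to be inclusive (so a bare "6.5"
# is matched) - confirm against version_func.inc.
# NOTE(review): versions below 4.1 are not evaluated here, because no fixed
# release is listed for them; confirm whether they should be reported too.

# Port of the detected WordPress instance; stop quietly if there is none.
if (!port = get_app_port(cpe: CPE))
  exit(0);

# Version and install location as recorded by the detection script; with
# exit_no_version set, hosts without a detected version are not evaluated.
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_in_range_exclusive(version: version, test_version_lo: "4.1", test_version_up: "4.1.41")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "4.1.41", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "4.2", test_version_up: "4.2.38")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "4.2.38", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "4.3", test_version_up: "4.3.34")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "4.3.34", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "4.4", test_version_up: "4.4.33")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "4.4.33", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "4.5", test_version_up: "4.5.32")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "4.5.32", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "4.6", test_version_up: "4.6.29")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "4.6.29", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "4.7", test_version_up: "4.7.29")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "4.7.29", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "4.8", test_version_up: "4.8.25")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "4.8.25", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "4.9", test_version_up: "4.9.26")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "4.9.26", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "5.0", test_version_up: "5.0.22")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "5.0.22", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "5.1", test_version_up: "5.1.19")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "5.1.19", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "5.2", test_version_up: "5.2.21")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "5.2.21", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "5.3", test_version_up: "5.3.18")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "5.3.18", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "5.4", test_version_up: "5.4.16")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "5.4.16", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "5.5", test_version_up: "5.5.15")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "5.5.15", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "5.6", test_version_up: "5.6.14")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "5.6.14", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "5.7", test_version_up: "5.7.12")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "5.7.12", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "5.8", test_version_up: "5.8.10")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "5.8.10", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "5.9", test_version_up: "5.9.10")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "5.9.10", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "6.0", test_version_up: "6.0.9")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "6.0.9", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "6.1", test_version_up: "6.1.7")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "6.1.7", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "6.2", test_version_up: "6.2.6")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "6.2.6", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "6.3", test_version_up: "6.3.5")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "6.3.5", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "6.4", test_version_up: "6.4.5")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "6.4.5", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "6.5", test_version_up: "6.5.5")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "6.5.5", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

# No vulnerable range matched: finish without reporting a finding.
exit(99);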
