{"debiancve": [{"lastseen": "2022-06-07T06:02:37", "description": "WordPress before 5.5.2 allows XSS associated with global variables.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-11-02T21:15:00", "type": "debiancve", "title": "CVE-2020-28034", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28034"], "modified": "2020-11-02T21:15:00", "id": "DEBIANCVE:CVE-2020-28034", "href": "https://security-tracker.debian.org/tracker/CVE-2020-28034", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "patchstack": [{"lastseen": "2022-06-01T19:33:58", "description": "Cross-Site Scripting (XSS) via Global Variables vulnerability found by Marc Montas in WordPress (versions <= 5.5.1).\n\n## Solution\n\n\r\n Update the WordPress to the latest available version (at least 5.5.2).\r\n ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-10-29T00:00:00", "type": "patchstack", "title": "WordPress <= 5.5.1 - Cross-Site Scripting (XSS) via Global Variables vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28034"], "modified": "2020-10-29T00:00:00", "id": "PATCHSTACK:A2109C084FCE51ECC566B3FAB29D17B4", "href": "https://patchstack.com/database/vulnerability/wordpress/wordpress-5-5-1-cross-site-scripting-xss-via-global-variables-vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2022-01-21T20:23:58", "description": "WordPress before 5.5.2 allows XSS associated with global variables.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2020-28034", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28034"], "modified": "2020-11-02T00:00:00", "id": "UB:CVE-2020-28034", "href": "https://ubuntu.com/security/CVE-2020-28034", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-06-29T20:56:05", "description": "WordPress before 5.5.2 allows XSS associated with global variables.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-11-02T21:15:00", "type": "cve", "title": "CVE-2020-28034", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28034"], "modified": "2022-06-29T19:21:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2020-28034", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28034", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2022-06-05T15:33:03", "description": "According to its self-reported version number, the installation of WordPress installed on the remote host is affected by multiple vulnerabilities: \n\n - A deserialization vulnerability exists in wp-includes/Requests/Utility/FilteredIterator.php. An unauthenticated, remote attacker can exploit this, by sending specially crafted serialized payloads to an affected instance, to execute arbitrary code on the target host (CVE-2020-28032).\n\n - Multiple privilege escalation vulnerabilities exist in the XML-RPC component of Wordpress. An unauthenticated, remote attacker can exploit these, to gain privileged access to an affected host (CVE-2020-28035, CVE-2020-28036).\n\n - A remote code execution vulnerability exists in the is_blog_installed function of wp-includes/functions.php. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands (CVE-2020-28037). Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "WordPress < 5.5.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28034", "CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28040"], "modified": "2021-06-03T00:00:00", "cpe": ["cpe:/a:wordpress:wordpress"], "id": "WORDPRESS_5_5_2.NASL", "href": "https://www.tenable.com/plugins/nessus/142420", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142420);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\n \"CVE-2020-28032\",\n \"CVE-2020-28033\",\n \"CVE-2020-28034\",\n \"CVE-2020-28035\",\n \"CVE-2020-28036\",\n \"CVE-2020-28037\",\n \"CVE-2020-28038\",\n \"CVE-2020-28040\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0507-S\");\n\n script_name(english:\"WordPress < 5.5.2 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A PHP application running on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the installation of WordPress installed on the remote host is affected\nby multiple vulnerabilities: \n\n - A deserialization vulnerability exists in wp-includes/Requests/Utility/FilteredIterator.php. An \n unauthenticated, remote attacker can exploit this, by sending specially crafted serialized payloads\n to an affected instance, to execute arbitrary code on the target host (CVE-2020-28032).\n\n - Multiple privilege escalation vulnerabilities exist in the XML-RPC component of Wordpress. An \n unauthenticated, remote attacker can exploit these, to gain privileged access to an affected \n host (CVE-2020-28035, CVE-2020-28036).\n\n - A remote code execution vulnerability exists in the is_blog_installed function of \n wp-includes/functions.php. An unauthenticated, remote attacker can exploit this to bypass authentication \n and execute arbitrary commands (CVE-2020-28037). \n \nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported \nversion\");\n # https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cd17652d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/support/wordpress-version/version-5-5-2/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WordPress version 5.5.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-28032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/WordPress\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\napp = 'WordPress';\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nif (report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\n\nconstraints = [\n { 'min_version' : '3.7', 'fixed_version' : '3.7.35'},\n { 'min_version' : '3.8', 'fixed_version' : '3.8.35'},\n { 'min_version' : '3.9', 'fixed_version' : '3.9.33'},\n { 'min_version' : '4.0', 'fixed_version' : '4.0.32'},\n { 'min_version' : '4.1', 'fixed_version' : '4.1.32'},\n { 'min_version' : '4.2', 'fixed_version' : '4.2.29'},\n { 'min_version' : '4.3', 'fixed_version' : '4.3.25'},\n { 'min_version' : '4.4', 'fixed_version' : '4.4.24'},\n { 'min_version' : '4.5', 'fixed_version' : '4.5.23'},\n { 'min_version' : '4.6', 'fixed_version' : '4.6.20'},\n { 'min_version' : '4.7', 'fixed_version' : '4.7.19'},\n { 'min_version' : '4.8', 'fixed_version' : '4.8.15'},\n { 'min_version' : '4.9', 'fixed_version' : '4.9.16'},\n { 'min_version' : '5.0', 'fixed_version' : '5.0.11'},\n { 'min_version' : '5.1', 'fixed_version' : '5.1.7'},\n { 'min_version' : '5.2', 'fixed_version' : '5.2.8'},\n { 'min_version' : '5.3', 'fixed_version' : '5.3.5'},\n { 'min_version' : '5.4', 'fixed_version' : '5.4.3'},\n { 'min_version' : '5.5', 'fixed_version' : '5.5.2'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags: {'xss':TRUE}\n);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:00", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 4.2.x < 4.2.29 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112636", "href": "https://www.tenable.com/plugins/was/112636", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-05T15:33:16", "description": "**WordPress 5.5.3 Maintenance Release**\n\nThis maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured.\n\n----\n\n**WordPress 5.5.2 Security and Maintenance Release**\n\n**Security Updates**\n\n - Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.\n\n - Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.\n\n - Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.\n\n - Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.\n\n - Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.\n\n - Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.\n\n - Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.\n\n - Thanks to Erwan LR from WPScan who responsibly disclosed a method that could lead to CSRF.\n\n - And a special thanks to @zieladam who was integral in many of the releases and patches during this release.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Fedora 32 : wordpress (2020-b386fac43a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28034", "CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28039", "CVE-2020-28040"], "modified": "2020-11-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wordpress", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-B386FAC43A.NASL", "href": "https://www.tenable.com/plugins/nessus/142851", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-b386fac43a.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142851);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/20\");\n\n script_cve_id(\"CVE-2020-28032\", \"CVE-2020-28033\", \"CVE-2020-28034\", \"CVE-2020-28035\", \"CVE-2020-28036\", \"CVE-2020-28037\", \"CVE-2020-28038\", \"CVE-2020-28039\", \"CVE-2020-28040\");\n script_xref(name:\"FEDORA\", value:\"2020-b386fac43a\");\n\n script_name(english:\"Fedora 32 : wordpress (2020-b386fac43a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"**WordPress 5.5.3 Maintenance Release**\n\nThis maintenance release fixes an issue introduced in WordPress 5.5.2\nwhich makes it impossible to install WordPress on a brand new website\nthat does not have a database connection configured.\n\n----\n\n**WordPress 5.5.2 Security and Maintenance Release**\n\n**Security Updates**\n\n - Props to Alex Concha of the WordPress Security Team for\n their work in hardening deserialization requests.\n\n - Props to David Binovec on a fix to disable spam embeds\n from disabled sites on a multisite network.\n\n - Thanks to Marc Montas from Sucuri for reporting an issue\n that could lead to XSS from global variables.\n\n - Thanks to Justin Tran who reported an issue surrounding\n privilege escalation in XML-RPC. He also found and\n disclosed an issue around privilege escalation around\n post commenting via XML-RPC.\n\n - Props to Omar Ganiev who reported a method where a DoS\n attack could lead to RCE.\n\n - Thanks to Karim El Ouerghemmi from RIPS who disclosed a\n method to store XSS in post slugs.\n\n - Thanks to Slavco for reporting, and confirmation from\n Karim El Ouerghemmi, a method to bypass protected meta\n that could lead to arbitrary file deletion.\n\n - Thanks to Erwan LR from WPScan who responsibly disclosed\n a method that could lead to CSRF.\n\n - And a special thanks to @zieladam who was integral in\n many of the releases and patches during this release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-b386fac43a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-28037\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"wordpress-5.5.3-1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:24", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 4.7.x < 4.7.19 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112641", "href": "https://www.tenable.com/plugins/was/112641", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:23", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 3.8.x < 3.8.35 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112632", "href": "https://www.tenable.com/plugins/was/112632", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:41", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 5.1.x < 5.1.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112645", "href": "https://www.tenable.com/plugins/was/112645", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:50", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 4.4.x < 4.4.24 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112638", "href": "https://www.tenable.com/plugins/was/112638", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:45", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 4.0.x < 4.0.32 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112634", "href": "https://www.tenable.com/plugins/was/112634", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:55:04", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 4.8.x < 4.8.15 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112642", "href": "https://www.tenable.com/plugins/was/112642", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:57", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 5.3.x < 5.3.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112647", "href": "https://www.tenable.com/plugins/was/112647", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:30", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 4.6.x < 4.6.20 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112640", "href": "https://www.tenable.com/plugins/was/112640", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-05T15:33:16", "description": "There were several vulnerabilites reported against wordpress, as follows :\n\nCVE-2020-28032\n\nWordPress before 4.7.19 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.\n\nCVE-2020-28033\n\nWordPress before 4.7.19 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.\n\nCVE-2020-28034\n\nWordPress before 4.7.19 allows XSS associated with global variables.\n\nCVE-2020-28035\n\nWordPress before 4.7.19 allows attackers to gain privileges via XML-RPC.\n\nCVE-2020-28036\n\nwp-includes/class-wp-xmlrpc-server.php in WordPress before 4.7.19 allows attackers to gain privileges by using XML-RPC to comment on a post.\n\nCVE-2020-28037\n\nis_blog_installed in wp-includes/functions.php in WordPress before 4.7.19 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).\n\nCVE-2020-28038\n\nWordPress before 4.7.19 allows stored XSS via post slugs.\n\nCVE-2020-28039\n\nis_protected_meta in wp-includes/meta.php in WordPress before 4.7.19 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.\n\nCVE-2020-28040\n\nWordPress before 4.7.19 allows CSRF attacks that change a theme's background image.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.7.19+dfsg-1+deb9u1.\n\nWe recommend that you upgrade your wordpress packages.\n\nFor the detailed security status of wordpress please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/wordpress\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-06T00:00:00", "type": "nessus", "title": "Debian DLA-2429-1 : wordpress security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28034", "CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28039", "CVE-2020-28040"], "modified": "2020-11-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wordpress", "p-cpe:/a:debian:debian_linux:wordpress-l10n", "p-cpe:/a:debian:debian_linux:wordpress-theme-twentyfifteen", "p-cpe:/a:debian:debian_linux:wordpress-theme-twentyseventeen", "p-cpe:/a:debian:debian_linux:wordpress-theme-twentysixteen", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2429.NASL", "href": "https://www.tenable.com/plugins/nessus/142504", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2429-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142504);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/20\");\n\n script_cve_id(\"CVE-2020-28032\", \"CVE-2020-28033\", \"CVE-2020-28034\", \"CVE-2020-28035\", \"CVE-2020-28036\", \"CVE-2020-28037\", \"CVE-2020-28038\", \"CVE-2020-28039\", \"CVE-2020-28040\");\n\n script_name(english:\"Debian DLA-2429-1 : wordpress security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"There were several vulnerabilites reported against wordpress, as\nfollows :\n\nCVE-2020-28032\n\nWordPress before 4.7.19 mishandles deserialization requests in\nwp-includes/Requests/Utility/FilteredIterator.php.\n\nCVE-2020-28033\n\nWordPress before 4.7.19 mishandles embeds from disabled sites on a\nmultisite network, as demonstrated by allowing a spam embed.\n\nCVE-2020-28034\n\nWordPress before 4.7.19 allows XSS associated with global variables.\n\nCVE-2020-28035\n\nWordPress before 4.7.19 allows attackers to gain privileges via\nXML-RPC.\n\nCVE-2020-28036\n\nwp-includes/class-wp-xmlrpc-server.php in WordPress before 4.7.19\nallows attackers to gain privileges by using XML-RPC to comment on a\npost.\n\nCVE-2020-28037\n\nis_blog_installed in wp-includes/functions.php in WordPress before\n4.7.19 improperly determines whether WordPress is already installed,\nwhich might allow an attacker to perform a new installation, leading\nto remote code execution (as well as a denial of service for the old\ninstallation).\n\nCVE-2020-28038\n\nWordPress before 4.7.19 allows stored XSS via post slugs.\n\nCVE-2020-28039\n\nis_protected_meta in wp-includes/meta.php in WordPress before 4.7.19\nallows arbitrary file deletion because it does not properly determine\nwhether a meta key is considered protected.\n\nCVE-2020-28040\n\nWordPress before 4.7.19 allows CSRF attacks that change a theme's\nbackground image.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.7.19+dfsg-1+deb9u1.\n\nWe recommend that you upgrade your wordpress packages.\n\nFor the detailed security status of wordpress please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/wordpress\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/wordpress\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/wordpress\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-28037\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress-theme-twentyfifteen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress-theme-twentyseventeen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress-theme-twentysixteen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"wordpress\", reference:\"4.7.19+dfsg-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wordpress-l10n\", reference:\"4.7.19+dfsg-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wordpress-theme-twentyfifteen\", reference:\"4.7.19+dfsg-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wordpress-theme-twentyseventeen\", reference:\"4.7.19+dfsg-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wordpress-theme-twentysixteen\", reference:\"4.7.19+dfsg-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:04", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 3.9.x < 3.9.33 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112633", "href": "https://www.tenable.com/plugins/was/112633", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:09", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 4.3.x < 4.3.25 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112637", "href": "https://www.tenable.com/plugins/was/112637", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:12", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 4.9.x < 4.9.16 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112643", "href": "https://www.tenable.com/plugins/was/112643", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:22", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 3.7.x < 3.7.35 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112631", "href": "https://www.tenable.com/plugins/was/112631", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-05T15:32:35", "description": "**WordPress 5.5.3 Maintenance Release**\n\nThis maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured.\n\n----\n\n**WordPress 5.5.2 Security and Maintenance Release**\n\n**Security Updates**\n\n - Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.\n\n - Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.\n\n - Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.\n\n - Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.\n\n - Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.\n\n - Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.\n\n - Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.\n\n - Thanks to Erwan LR from WPScan who responsibly disclosed a method that could lead to CSRF.\n\n - And a special thanks to @zieladam who was integral in many of the releases and patches during this release.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Fedora 33 : wordpress (2020-a764b11b52)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28034", "CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28039", "CVE-2020-28040"], "modified": "2020-11-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wordpress", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-A764B11B52.NASL", "href": "https://www.tenable.com/plugins/nessus/142830", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-a764b11b52.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142830);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/20\");\n\n script_cve_id(\"CVE-2020-28032\", \"CVE-2020-28033\", \"CVE-2020-28034\", \"CVE-2020-28035\", \"CVE-2020-28036\", \"CVE-2020-28037\", \"CVE-2020-28038\", \"CVE-2020-28039\", \"CVE-2020-28040\");\n script_xref(name:\"FEDORA\", value:\"2020-a764b11b52\");\n\n script_name(english:\"Fedora 33 : wordpress (2020-a764b11b52)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"**WordPress 5.5.3 Maintenance Release**\n\nThis maintenance release fixes an issue introduced in WordPress 5.5.2\nwhich makes it impossible to install WordPress on a brand new website\nthat does not have a database connection configured.\n\n----\n\n**WordPress 5.5.2 Security and Maintenance Release**\n\n**Security Updates**\n\n - Props to Alex Concha of the WordPress Security Team for\n their work in hardening deserialization requests.\n\n - Props to David Binovec on a fix to disable spam embeds\n from disabled sites on a multisite network.\n\n - Thanks to Marc Montas from Sucuri for reporting an issue\n that could lead to XSS from global variables.\n\n - Thanks to Justin Tran who reported an issue surrounding\n privilege escalation in XML-RPC. He also found and\n disclosed an issue around privilege escalation around\n post commenting via XML-RPC.\n\n - Props to Omar Ganiev who reported a method where a DoS\n attack could lead to RCE.\n\n - Thanks to Karim El Ouerghemmi from RIPS who disclosed a\n method to store XSS in post slugs.\n\n - Thanks to Slavco for reporting, and confirmation from\n Karim El Ouerghemmi, a method to bypass protected meta\n that could lead to arbitrary file deletion.\n\n - Thanks to Erwan LR from WPScan who responsibly disclosed\n a method that could lead to CSRF.\n\n - And a special thanks to @zieladam who was integral in\n many of the releases and patches during this release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-a764b11b52\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-28037\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"wordpress-5.5.3-1.fc33\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-05T15:33:15", "description": "**WordPress 5.5.3 Maintenance Release**\n\nThis maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured.\n\n----\n\n**WordPress 5.5.2 Security and Maintenance Release**\n\n**Security Updates**\n\n - Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.\n\n - Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.\n\n - Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.\n\n - Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.\n\n - Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.\n\n - Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.\n\n - Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.\n\n - Thanks to Erwan LR from WPScan who responsibly disclosed a method that could lead to CSRF.\n\n - And a special thanks to @zieladam who was integral in many of the releases and patches during this release.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Fedora 31 : wordpress (2020-15e15c35da)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28034", "CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28039", "CVE-2020-28040"], "modified": "2020-11-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wordpress", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-15E15C35DA.NASL", "href": "https://www.tenable.com/plugins/nessus/142857", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-15e15c35da.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142857);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/20\");\n\n script_cve_id(\"CVE-2020-28032\", \"CVE-2020-28033\", \"CVE-2020-28034\", \"CVE-2020-28035\", \"CVE-2020-28036\", \"CVE-2020-28037\", \"CVE-2020-28038\", \"CVE-2020-28039\", \"CVE-2020-28040\");\n script_xref(name:\"FEDORA\", value:\"2020-15e15c35da\");\n\n script_name(english:\"Fedora 31 : wordpress (2020-15e15c35da)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"**WordPress 5.5.3 Maintenance Release**\n\nThis maintenance release fixes an issue introduced in WordPress 5.5.2\nwhich makes it impossible to install WordPress on a brand new website\nthat does not have a database connection configured.\n\n----\n\n**WordPress 5.5.2 Security and Maintenance Release**\n\n**Security Updates**\n\n - Props to Alex Concha of the WordPress Security Team for\n their work in hardening deserialization requests.\n\n - Props to David Binovec on a fix to disable spam embeds\n from disabled sites on a multisite network.\n\n - Thanks to Marc Montas from Sucuri for reporting an issue\n that could lead to XSS from global variables.\n\n - Thanks to Justin Tran who reported an issue surrounding\n privilege escalation in XML-RPC. He also found and\n disclosed an issue around privilege escalation around\n post commenting via XML-RPC.\n\n - Props to Omar Ganiev who reported a method where a DoS\n attack could lead to RCE.\n\n - Thanks to Karim El Ouerghemmi from RIPS who disclosed a\n method to store XSS in post slugs.\n\n - Thanks to Slavco for reporting, and confirmation from\n Karim El Ouerghemmi, a method to bypass protected meta\n that could lead to arbitrary file deletion.\n\n - Thanks to Erwan LR from WPScan who responsibly disclosed\n a method that could lead to CSRF.\n\n - And a special thanks to @zieladam who was integral in\n many of the releases and patches during this release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-15e15c35da\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected wordpress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-28037\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"wordpress-5.5.3-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wordpress\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:47", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 4.1.x < 4.1.32 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112635", "href": "https://www.tenable.com/plugins/was/112635", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:47:01", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 4.5.x < 4.5.23 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112639", "href": "https://www.tenable.com/plugins/was/112639", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:47:06", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 5.0.x < 5.0.11 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112644", "href": "https://www.tenable.com/plugins/was/112644", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:35", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 5.2.x < 5.2.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112646", "href": "https://www.tenable.com/plugins/was/112646", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:00", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 5.4.x < 5.4.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112648", "href": "https://www.tenable.com/plugins/was/112648", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-15T13:46:24", "description": "According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :\n\n - A deserialization vulnerability exists in Requests_Utility_FilteredIterator class.\n\n - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.\n\n - A denial of service vulnerability against the MySQL database.\n\n - Two privilege escalation vulnerabilities in XML-RPC.\n\n - An arbitrary file deletion vulnerability exists via a bypass of protected meta.\n\n - A cross-site request forgery (CSRF) vulnerability exists when updating a background image.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "WordPress 5.5.x < 5.5.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28039", "CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28040", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28034"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112649", "href": "https://www.tenable.com/plugins/was/112649", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-05T15:33:15", "description": "Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to run insecure deserialization, embed spam, perform various Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks, escalate privileges, run arbitrary code, and delete arbitrary files.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-09T00:00:00", "type": "nessus", "title": "Debian DSA-4784-1 : wordpress - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28034", "CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28039", "CVE-2020-28040"], "modified": "2020-11-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wordpress", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4784.NASL", "href": "https://www.tenable.com/plugins/nessus/142626", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4784. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142626);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/20\");\n\n script_cve_id(\"CVE-2020-28032\", \"CVE-2020-28033\", \"CVE-2020-28034\", \"CVE-2020-28035\", \"CVE-2020-28036\", \"CVE-2020-28037\", \"CVE-2020-28038\", \"CVE-2020-28039\", \"CVE-2020-28040\");\n script_xref(name:\"DSA\", value:\"4784\");\n\n script_name(english:\"Debian DSA-4784-1 : wordpress - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities were discovered in Wordpress, a web blogging\ntool. They allowed remote attackers to run insecure deserialization,\nembed spam, perform various Cross-Site Scripting (XSS) or Cross-Site\nRequest Forgery (CSRF) attacks, escalate privileges, run arbitrary\ncode, and delete arbitrary files.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/wordpress\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/wordpress\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4784\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the wordpress packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 5.0.11+dfsg1-0+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-28037\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"wordpress\", reference:\"5.0.11+dfsg1-0+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"wordpress-l10n\", reference:\"5.0.11+dfsg1-0+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"wordpress-theme-twentynineteen\", reference:\"5.0.11+dfsg1-0+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"wordpress-theme-twentyseventeen\", reference:\"5.0.11+dfsg1-0+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"wordpress-theme-twentysixteen\", reference:\"5.0.11+dfsg1-0+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:52", "description": "Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-11T01:32:19", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: wordpress-5.5.3-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28034", "CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28039", "CVE-2020-28040"], "modified": "2020-11-11T01:32:19", "id": "FEDORA:8A0C63052A40", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-11T01:21:28", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: wordpress-5.5.3-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28034", "CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28039", "CVE-2020-28040"], "modified": "2020-11-11T01:21:28", "id": "FEDORA:4B1EB30C2A57", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-11T01:20:58", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: wordpress-5.5.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28034", "CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28039", "CVE-2020-28040"], "modified": "2020-11-11T01:20:58", "id": "FEDORA:757F330BFF33", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-21T21:37:58", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4784-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nNovember 06, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wordpress\nCVE ID : CVE-2020-28032 CVE-2020-28033 CVE-2020-28034 CVE-2020-28035 \n CVE-2020-28036 CVE-2020-28037 CVE-2020-28038 CVE-2020-28039 \n CVE-2020-28040\nDebian Bug : 971914 973562\n\nSeveral vulnerabilities were discovered in Wordpress, a web blogging\ntool. They allowed remote attackers to run insecure deserialization,\nembed spam, perform various Cross-Site Scripting (XSS) or Cross-Site\nRequest Forgery (CSRF) attacks, escalate privileges, run arbitrary\ncode, and delete arbitrary files.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 5.0.11+dfsg1-0+deb10u1.\n\nWe recommend that you upgrade your wordpress packages.\n\nFor the detailed security status of wordpress please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wordpress\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-06T13:39:18", "type": "debian", "title": "[SECURITY] [DSA 4784-1] wordpress security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28034", "CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28039", "CVE-2020-28040"], "modified": "2020-11-06T13:39:18", "id": "DEBIAN:DSA-4784-1:0D7EE", "href": "https://lists.debian.org/debian-security-announce/2020/msg00191.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-17T11:31:09", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4784-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nNovember 06, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wordpress\nCVE ID : CVE-2020-28032 CVE-2020-28033 CVE-2020-28034 CVE-2020-28035 \n CVE-2020-28036 CVE-2020-28037 CVE-2020-28038 CVE-2020-28039 \n CVE-2020-28040\nDebian Bug : 971914 973562\n\nSeveral vulnerabilities were discovered in Wordpress, a web blogging\ntool. They allowed remote attackers to run insecure deserialization,\nembed spam, perform various Cross-Site Scripting (XSS) or Cross-Site\nRequest Forgery (CSRF) attacks, escalate privileges, run arbitrary\ncode, and delete arbitrary files.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 5.0.11+dfsg1-0+deb10u1.\n\nWe recommend that you upgrade your wordpress packages.\n\nFor the detailed security status of wordpress please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wordpress\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-06T13:39:18", "type": "debian", "title": "[SECURITY] [DSA 4784-1] wordpress security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28034", "CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28039", "CVE-2020-28040"], "modified": "2020-11-06T13:39:18", "id": "DEBIAN:DSA-4784-1:E62C4", "href": "https://lists.debian.org/debian-security-announce/2020/msg00191.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T11:45:05", "description": "- -----------------------------------------------------------------------\nDebian LTS Advisory DLA-2429-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Utkarsh Gupta\nNovember 03, 2020 https://wiki.debian.org/LTS\n- -----------------------------------------------------------------------\n\nPackage : wordpress\nVersion : 4.7.19+dfsg-1+deb9u1\nCVE ID : CVE-2020-28032 CVE-2020-28033 CVE-2020-28034\n CVE-2020-28035 CVE-2020-28036 CVE-2020-28037\n CVE-2020-28038 CVE-2020-28039 CVE-2020-28040\nDebian Bug : 973562\n\nThere were several vulnerabilites reported against wordpress,\nas follows:\n\nCVE-2020-28032\n\n WordPress before 4.7.19 mishandles deserialization requests in\n wp-includes/Requests/Utility/FilteredIterator.php.\n\nCVE-2020-28033\n\n WordPress before 4.7.19 mishandles embeds from disabled sites\n on a multisite network, as demonstrated by allowing a spam\n embed.\n\nCVE-2020-28034\n\n WordPress before 4.7.19 allows XSS associated with global\n variables.\n\nCVE-2020-28035\n\n WordPress before 4.7.19 allows attackers to gain privileges via\n XML-RPC.\n\nCVE-2020-28036\n\n wp-includes/class-wp-xmlrpc-server.php in WordPress before\n 4.7.19 allows attackers to gain privileges by using XML-RPC to\n comment on a post.\n\nCVE-2020-28037\n\n is_blog_installed in wp-includes/functions.php in WordPress\n before 4.7.19 improperly determines whether WordPress is\n already installed, which might allow an attacker to perform\n a new installation, leading to remote code execution (as well\n as a denial of service for the old installation).\n\nCVE-2020-28038\n\n WordPress before 4.7.19 allows stored XSS via post slugs.\n\nCVE-2020-28039\n\n is_protected_meta in wp-includes/meta.php in WordPress before\n 4.7.19 allows arbitrary file deletion because it does not\n properly determine whether a meta key is considered protected.\n\nCVE-2020-28040\n\n WordPress before 4.7.19 allows CSRF attacks that change a\n theme's background image.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.7.19+dfsg-1+deb9u1.\n\nWe recommend that you upgrade your wordpress packages.\n\nFor the detailed security status of wordpress please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wordpress\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-03T07:19:50", "type": "debian", "title": "[SECURITY] [DLA 2429-1] wordpress security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28034", "CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28039", "CVE-2020-28040"], "modified": "2020-11-03T07:19:50", "id": "DEBIAN:DLA-2429-1:2CED7", "href": "https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:57", "description": "Arch Linux Security Advisory ASA-202011-3\n=========================================\n\nSeverity: Critical\nDate : 2020-11-03\nCVE-ID : CVE-2020-28032 CVE-2020-28033 CVE-2020-28034 CVE-2020-28035\nCVE-2020-28036 CVE-2020-28037 CVE-2020-28038 CVE-2020-28039\nCVE-2020-28040\nPackage : wordpress\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1257\n\nSummary\n=======\n\nThe package wordpress before version 5.5.3-1 is vulnerable to multiple\nissues including arbitrary code execution, cross-site request forgery,\ncross-site scripting, insufficient validation and privilege escalation.\n\nResolution\n==========\n\nUpgrade to 5.5.3-1.\n\n# pacman -Syu \"wordpress>=5.5.3-1\"\n\nThe problems have been fixed upstream in version 5.5.3.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-28032 (arbitrary code execution)\n\nWordPress before 5.5.2 mishandles deserialization requests in wp-\nincludes/Requests/Utility/FilteredIterator.php.\n\n- CVE-2020-28033 (insufficient validation)\n\nWordPress before 5.5.2 mishandles embeds from disabled sites on a\nmultisite network, as demonstrated by allowing a spam embed.\n\n- CVE-2020-28034 (cross-site scripting)\n\nWordPress before 5.5.2 allows XSS associated with global variables.\n\n- CVE-2020-28035 (privilege escalation)\n\nWordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.\n\n- CVE-2020-28036 (privilege escalation)\n\nwp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows\nattackers to gain privileges by using XML-RPC to comment on a post.\n\n- CVE-2020-28037 (arbitrary code execution)\n\nis_blog_installed in wp-includes/functions.php in WordPress before\n5.5.2 improperly determines whether WordPress is already installed,\nwhich might allow an attacker to perform a new installation, leading to\nremote code execution (as well as a denial of service for the old\ninstallation).\n\n- CVE-2020-28038 (cross-site scripting)\n\nWordPress before 5.5.2 allows stored XSS via post slugs.\n\n- CVE-2020-28039 (insufficient validation)\n\nis_protected_meta in wp-includes/meta.php in WordPress before 5.5.2\nallows arbitrary file deletion because it does not properly determine\nwhether a meta key is considered protected.\n\n- CVE-2020-28040 (cross-site request forgery)\n\nWordPress before 5.5.2 allows CSRF attacks that change a theme's\nbackground image.\n\nImpact\n======\n\nA remote attacker can bypass security restrictions to post spam, spoof\ncontent, escalate privileges and execute arbitrary code.\n\nReferences\n==========\n\nhttps://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/\nhttps://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3\nhttps://github.com/WordPress/wordpress-develop/commit/e2142c20be3c07f7e5931014bca9a6e7f473479f\nhttps://github.com/WordPress/wordpress-develop/commit/2d677cd4b2e24d0b5f17a3a278c719051bbe8e35\nhttps://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32\nhttps://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c\nhttps://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad\nhttps://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html\nhttps://github.com/WordPress/wordpress-develop/commit/69e832398254b7f47d137afaed40ff186015a71b\nhttps://security.archlinux.org/CVE-2020-28032\nhttps://security.archlinux.org/CVE-2020-28033\nhttps://security.archlinux.org/CVE-2020-28034\nhttps://security.archlinux.org/CVE-2020-28035\nhttps://security.archlinux.org/CVE-2020-28036\nhttps://security.archlinux.org/CVE-2020-28037\nhttps://security.archlinux.org/CVE-2020-28038\nhttps://security.archlinux.org/CVE-2020-28039\nhttps://security.archlinux.org/CVE-2020-28040", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-03T00:00:00", "type": "archlinux", "title": "[ASA-202011-3] wordpress: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28032", "CVE-2020-28033", "CVE-2020-28034", "CVE-2020-28035", "CVE-2020-28036", "CVE-2020-28037", "CVE-2020-28038", "CVE-2020-28039", "CVE-2020-28040"], "modified": "2020-11-03T00:00:00", "id": "ASA-202011-3", "href": "https://security.archlinux.org/ASA-202011-3", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
WordPress < 5.5.2 - Cross-Site Scripting (XSS) via Global Variables
