SB2018011714 - Debian update for wordpress



Published: January 17, 2018 Updated: October 10, 2018

Security Bulletin ID SB2018011714
Severity Medium
Patch available YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 17% Low 83%

Description

This security bulletin contains information about 6 security vulnerabilities.


1) Cross-site request forgery (CVE-ID: CVE-2017-9066)

The disclosed vulnerability allows a remote attacker to redirect users to an arbitrary website.

The vulnerability exists due to insufficient validation of user-supplied data before redirecting visitors in the HTTP class. A remote attacker can exploit this vulnerability to interact with the web server using an SSRF vector.

Successful exploitation of the vulnerability may allow an attacker to send HTTP requests to 0.0.0.0 on ports 80, 443 and 8080.

Example:

http://[host]/wp-admin/press-this.php?u=http://[HOST|IP]
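
The request pattern above can be looked for in web server access logs. The following is an added example, not part of the original bulletin or of WordPress: the log lines are constructed, the function names are hypothetical, and the check goes beyond 0.0.0.0 to flag any `u` value whose host is an IP literal that is not globally routable.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (combined log format), not from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [17/Jan/2018:10:00:01 +0000] "GET /wp-admin/press-this.php?u=http://0.0.0.0:8080/ HTTP/1.1" 200 512
198.51.100.7 - - [17/Jan/2018:10:00:05 +0000] "GET /wp-admin/press-this.php?u=http%3A%2F%2F0.0.0.0%3A443%2F HTTP/1.1" 200 512
198.51.100.7 - - [17/Jan/2018:10:00:09 +0000] "GET /wp-admin/press-this.php?u=http://0.0.0.0/ HTTP/1.1" 200 512
203.0.113.9 - - [17/Jan/2018:10:01:00 +0000] "GET /wp-admin/press-this.php?u=https://example.org/post HTTP/1.1" 200 2048
203.0.113.9 - - [17/Jan/2018:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 900
"""

# Captures the client address and the request URI from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def is_internal_target(url):
    """True if the URL's host is an IP literal that is not globally routable."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an IP literal; judging it needs DNS
    return not ip.is_global


def find_suspicious(log_text):
    """Return (client, target) pairs for press-this.php requests with internal u=."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, request_uri = match.groups()
        parts = urlsplit(request_uri)
        if not parts.path.endswith("/wp-admin/press-this.php"):
            continue
        # parse_qs percent-decodes, so encoded targets are caught as well.
        for target in parse_qs(parts.query).get("u", []):
            if is_internal_target(target):
                hits.append((client, target))
    return hits


if __name__ == "__main__":
    for client, target in find_suspicious(SAMPLE_LOG):
        print(f"{client} requested internal target {target}")
```

Targets given as hostnames are not flagged here, since deciding whether they point inside the network requires resolving them.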

2) SQL injection (CVE-ID: CVE-2017-16510)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the application's database.

The vulnerability exists due to an error in $wpdb->prepare() that can lead to SQL injection attacks exploited via third-party software. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary SQL commands in the web application's database.

3) Insufficient randomization (CVE-ID: CVE-2017-17091)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists in the wp-admin/user-new.php script due to the use of a deterministic substring in the newbloguser key, which can be directly derived from the user ID. A remote attacker can guess the key and bypass intended access restrictions.

4) Improper access control (CVE-ID: CVE-2017-17092)

The vulnerability allows a remote attacker to upload JavaScript files.

The vulnerability exists due to incorrectly implemented access restrictions in the wp-includes/functions.php script, which allowed uploading of JavaScript files for users without unfiltered_html permissions. A remote authenticated attacker can upload a malicious JavaScript file and perform XSS or spoofing attacks against website users.

5) Cross-site scripting (CVE-ID: CVE-2017-17093)

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability exists due to insufficient sanitization of the language attributes used on HTML elements in the wp-includes/general-template.php script. A remote attacker can bypass implemented filters and execute arbitrary HTML and script code in the victim's browser in the context of the vulnerable website.

6) Cross-site scripting (CVE-ID: CVE-2017-17094)

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability exists due to insufficient sanitization of the attributes of enclosures in RSS and Atom feeds within the wp-includes/feed.php script. A remote attacker can bypass implemented filters and execute arbitrary HTML and script code in the victim's browser in the context of the vulnerable website.

Remediation

Install the update from the vendor's website.