Multiple vulnerabilities in WordPress

Published: 2017-01-27 10:19:59 | Updated: 2017-02-07 12:25:59
Severity High
Patch available YES
Number of vulnerabilities 4
CVSSv2 3 (AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
5.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.2 (AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
6.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
CVSSv3 3.6 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
5.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
6.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C]
CVE ID CVE-2017-5610
CVE-2017-5611
CVE-2017-5612
CWE ID CWE-284
CWE-89
CWE-79
CWE-264
Exploitation vector Network
Public exploit Vulnerability #4 is being exploited in the wild.
Vulnerable software WordPress
Vulnerable software versions WordPress 4.7
WordPress 4.7.1
Vendor URL WordPress.ORG
Advisory type Public

Security Advisory

The security rating of this bulletin was raised to "High" after WordPress disclosed vulnerability in REST API.

1) Improper access control

Description

The vulnerability allows a remote attacker to gain access to otherwise restricted information.

The vulnerability resides within wp-admin/includes/class-wp-press-this.php script in Press This functionality, which does not properly restrict visibility permissions to user interface for assigning taxonomy terms. A remote authenticated attacker may be able to gain access to potentially sensitive information.

Remediation

Update to version 4.7.2.

External links

https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/

2) SQL injection

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send specially crafted HTTP POST request to "wp-includes/class-wp-query.php" script, pass malformed WP_Query to an affected plugin or theme and execute arbitrary SQL commands in web application database.

Successful exploitation of the vulnerability may allow an attacker to gain complete control over vulnerable website.

Remediation

Update to version 4.7.2

External links

https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/

3) Cross-site scripting

Description

Vulnerability allows a remote authenticated attacker to perform Cross-site scripting attacks.

An input validation error exists in "wp-admin/includes/class-wp-posts-list-table.php" script in the posts list table. A remote attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Remediation

Update to version 4.7.2

External links

https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/

4) Security bypass

Description

The vulnerability allows a remote attacker to inject arbitrary content.

The vulnerability exists due to web application fails to check privileges when processing requests sent via REST API in /wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php script. A remote attacker can send a specially crafted HTTP request to /wp-json/wp/v2/posts/{POST_ID} URL and post arbitrary content to your website.

Successful exploitation of the vulnerability may allow an attacker to perform phishing and drive-by-download attacks, spread spam content, etc. In certain cases this vulnerability can lead to remote PHP code execution leveraging functionality of third-party plugins.

Note: this vulnerability is being actively exploited in the wild.

Remediation

Update to version 4.7.2.

External links

https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

Back to List