SB2017051701 - Multiple vulnerabilities in WordPress

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017051701

SB2017051701 - Multiple vulnerabilities in WordPress

Published: May 17, 2017

Security Bulletin ID SB2017051701
Severity
Low
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Cross-site scripting (CVE-ID: CVE-2017-9063)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data related to Customizer. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


2) Cross-site scripting (CVE-ID: CVE-2017-9061)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when attempting to upload very large files. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


3) Cross-site request forgery (CVE-ID: CVE-2017-9064)

The vulnerability allows a remote attacker to perform CSRF attack.

The vulnerability exists due to insufficient validation of the HTTP request origin in the filesystem credentials dialog. A remote attacker can trick the victim to follow a specially crafted link and perform CSRF attack.



4) Improper input validation (CVE-ID: CVE-2017-9065)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to lack of capability checks for post meta data in the XML-RPC API. A remote attacker can send a specially crafted request and bypass certain security restrictions.



5) Improper input validation (CVE-ID: CVE-2017-9062)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to improper handling of post meta data values in the XML-RPC API. A remote attacker can send a specially crafted request and bypass certain security restrictions.



6) Cross-site request forgery (CVE-ID: CVE-2017-9066)

The disclosed vulnerability allows a remote attacker to redirect users to arbitrary website.

The vulnerability exists due to insufficient validation of user-supplied data before redirecting visitors in the HTTP class. A remote attacker can exploit this vulnerability to interact with the web server using SSRF vector.

Successful exploitation of the vulnerability may allow an attacker to send HTTP requests to 0.0.0.0 on port 80, 443 and 8080.

Example:

http://[host]/wp-admin/press-this.php?u=http://[HOST|IP]

Remediation

Install update from vendor's website.

References