SB2017092002 - Multiple vulnerabilities in WordPress 




Published: September 20, 2017

Security Bulletin ID: SB2017092002
Severity: Medium
Patch available: YES
Number of vulnerabilities: 9
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Medium: 33%, Low: 67%

Description

This security bulletin contains information about 9 security vulnerabilities.


1) SQL injection (CVE-ID: CVE-2017-14723)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in the web application database.

The vulnerability exists due to insufficient validation of user-supplied data in $wpdb->prepare(). In certain cases, a remote attacker can execute arbitrary SQL commands in the application database.

Successful exploitation of the vulnerability may allow an attacker to gain full access to the web application database and compromise the web application.


2) Cross-site scripting (CVE-ID: CVE-2017-14724)

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in oEmbed discovery. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim’s browser in the security context of the vulnerable website.


3) Cross-site scripting (CVE-ID: CVE-2017-14726)

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the visual editor. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim’s browser in the security context of the vulnerable website.


4) Path traversal (CVE-ID: CVE-2017-14719)

The vulnerability allows a remote attacker to read arbitrary files on the system.

The vulnerability exists due to insufficient sanitization of user-supplied data in the file unzipping code in the ZipArchive and PclZip components. A remote attacker can send a specially crafted HTTP request containing directory traversal sequences and view the contents of an arbitrary file on the vulnerable system.
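
A defensive check for the class of bug described in item 4, shown as an added example: it is not WordPress code and does not reproduce the vendor's patch. The helper names is_safe_entry(), unsafe_entries() and extract_checked() are hypothetical, and the sample entry names are constructed. Every entry name in the archive is validated before anything is extracted, and the whole archive is refused if any name contains a traversal segment or an absolute path.

```php
<?php
// Added example (hypothetical helpers): validate zip entry names before extraction.

function is_safe_entry(string $name): bool
{
    // Treat Windows separators like "/" so "..\" is caught as well as "../".
    $name = str_replace('\\', '/', $name);
    // Reject empty names and embedded NUL bytes.
    if ($name === '' || strpos($name, "\0") !== false) {
        return false;
    }
    // Reject absolute paths and drive-letter prefixes.
    if ($name[0] === '/' || preg_match('/^[A-Za-z]:/', $name) === 1) {
        return false;
    }
    // Reject any ".." path segment, wherever it appears in the name.
    return !in_array('..', explode('/', $name), true);
}

// Return the names of all entries that fail the check.
function unsafe_entries(ZipArchive $zip): array
{
    $bad = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false || !is_safe_entry($name)) {
            $bad[] = ($name === false) ? "(unreadable entry #$i)" : $name;
        }
    }
    return $bad;
}

// Extract only if every entry passes; otherwise extract nothing and report.
function extract_checked(string $zipPath, string $dest): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open $zipPath");
    }
    $bad = unsafe_entries($zip);
    if ($bad === []) {
        $zip->extractTo($dest);
    }
    $zip->close();
    return $bad;
}

// Constructed sample entry names, checked without touching the filesystem.
$samples = ['theme/style.css', '../../outside.txt', 'theme/../../x.php', '/abs/path.txt', 'C:\\x.ini'];
foreach ($samples as $n) {
    printf("%-20s %s\n", $n, is_safe_entry($n) ? 'ok' : 'rejected');
}
```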


5) Cross-site scripting (CVE-ID: CVE-2017-14721)

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the plugin editor. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim’s browser in the security context of the vulnerable website.


6) Cross-site scripting (CVE-ID: CVE-2017-14720)

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in template names. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim’s browser in the security context of the vulnerable website.


7) Cross-site scripting (CVE-ID: CVE-2017-14718)

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the link modal. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim’s browser in the security context of the vulnerable website.


8) Open redirect (CVE-ID: CVE-2017-14725)

The vulnerability allows a remote attacker to perform spoofing attacks.

The vulnerability exists due to insufficient validation of user-supplied data when performing redirects to external websites on the user and term edit screens. A remote attacker can trick the victim into following a specially crafted link and perform a spoofing attack.


9) Path traversal (CVE-ID: CVE-2017-14722)

The vulnerability allows a remote attacker to read arbitrary files on the system.

The vulnerability exists due to insufficient sanitization of user-supplied data in the customizer. A remote attacker can send a specially crafted HTTP request containing directory traversal sequences and view the contents of an arbitrary file on the vulnerable system.


Remediation

Install the update from the vendor's website.