Multiple vulnerabilities in WordPress



Published: 2017-09-20
Risk: Medium
Patch available: YES
Number of vulnerabilities: 9
CVE ID: CVE-2017-14723, CVE-2017-14724, CVE-2017-14726, CVE-2017-14719, CVE-2017-14721, CVE-2017-14720, CVE-2017-14718, CVE-2017-14725, CVE-2017-14722
CWE ID: CWE-89, CWE-79, CWE-22, CWE-601
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
WordPress
Web applications / CMS

Vendor WordPress.ORG

Security Advisory

1) SQL injection

Risk: Medium

CVSSv3: 6.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2017-14723

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in the web application's database.

The vulnerability exists due to insufficient validation of user-supplied data in $wpdb->prepare(). In certain cases, a remote attacker can execute arbitrary SQL commands in the application database.

Successful exploitation of the vulnerability may allow an attacker to gain full access to the web application's database and compromise the web application.

Mitigation

Update to version 4.8.2.

Vulnerable software versions

WordPress: 4.8, 4.8.1

External links

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cross-site scripting

Risk: Low

CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2017-14724

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in oEmbed discovery. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Mitigation

Update to version 4.8.2.

Vulnerable software versions

WordPress: 4.8, 4.8.1

External links

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cross-site scripting

Risk: Low

CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2017-14726

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the visual editor. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Mitigation

Update to version 4.8.2.

Vulnerable software versions

WordPress: 4.8, 4.8.1

External links

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Path traversal

Risk: Medium

CVSSv3: 7.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2017-14719

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to read arbitrary files on the system.

The vulnerability exists due to insufficient sanitization of user-supplied data in the file unzipping code in the ZipArchive and PclZip components. A remote attacker can send a specially crafted HTTP request containing directory traversal sequences and view the contents of arbitrary files on the vulnerable system.
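
A defensive check for the archive-handling weakness described above, as an added example that is not WordPress core code and not the 4.8.2 patch: every entry name is validated before anything is written during extraction with PHP's ZipArchive. The function names, the destination directory and the sample entry names are assumptions made for illustration; PHP 7.4 or later is assumed.

```php
<?php
// Added example, not WordPress core code; both function names are hypothetical.

/** Return the extraction target for a ZIP entry, or null if the name is unsafe. */
function safe_entry_target(string $destDir, string $entryName): ?string
{
    $name = str_replace('\\', '/', $entryName);   // Windows-built archives may use "\"
    // Refuse empty names, NUL bytes, absolute paths and drive-letter prefixes.
    if ($name === '' || strpos($name, "\0") !== false || preg_match('#^(/|[A-Za-z]:)#', $name)) {
        return null;
    }
    $parts = array_filter(explode('/', $name), fn($s) => $s !== '' && $s !== '.');
    if (!$parts || in_array('..', $parts, true)) {
        return null;                              // any parent-directory step is refused
    }
    return rtrim($destDir, '/') . '/' . implode('/', $parts);
}

/** Extract $zipPath into $destDir; returns the entry names that were skipped. */
function extract_zip_safely(string $zipPath, string $destDir): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open archive: $zipPath");
    }
    $skipped = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if (substr($name, -1) === '/') {
            continue;                             // directories are created on demand below
        }
        $target = safe_entry_target($destDir, $name);
        if ($target === null) {
            $skipped[] = $name;                   // report it instead of writing it
            continue;
        }
        if (!is_dir(dirname($target))) {
            mkdir(dirname($target), 0755, true);
        }
        file_put_contents($target, $zip->getFromIndex($i));
    }
    $zip->close();
    return $skipped;
}

// Constructed entry names (not taken from the advisory) to exercise the check.
foreach (['theme/style.css', '../outside.txt', 'a/../../b.php', '/abs/file', 'C:\\x.php'] as $n) {
    printf("%-18s => %s\n", $n, safe_entry_target('/tmp/unzip', $n) ?? 'REJECTED');
}
```

Logging the names returned by extract_zip_safely() gives a detection signal for uploaded archives that contain traversal sequences.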

Mitigation

Update to version 4.8.2.

Vulnerable software versions

WordPress: 4.8, 4.8.1

External links

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Cross-site scripting

Risk: Low

CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2017-14721

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the plugin editor. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Mitigation

Update to version 4.8.2.

Vulnerable software versions

WordPress: 4.8, 4.8.1

External links

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Cross-site scripting

Risk: Low

CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2017-14720

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in template names. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Mitigation

Update to version 4.8.2.

Vulnerable software versions

WordPress: 4.8, 4.8.1

External links

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Cross-site scripting

Risk: Low

CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2017-14718

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the link modal. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Mitigation

Update to version 4.8.2.

Vulnerable software versions

WordPress: 4.8, 4.8.1

External links

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Open redirect

Risk: Low

CVSSv3: 4.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2017-14725

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attacks.

The vulnerability exists due to insufficient validation of user-supplied data when performing redirects to external websites on the user and term edit screens. A remote attacker can trick the victim into following a specially crafted link and perform a spoofing attack.
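
The kind of redirect-target validation whose absence produces this class of bug, as an added example that is not WordPress core code and not the 4.8.2 patch: a redirect is allowed only when it stays on the site's own host or an explicitly listed one. The helper name `is_local_redirect()`, the host `blog.example` and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example, not WordPress core code; is_local_redirect() is a hypothetical helper.

/** True when $target stays on $siteHost (or an explicitly allowed extra host). */
function is_local_redirect(string $target, string $siteHost, array $extraHosts = []): bool
{
    // Browsers treat "\" like "/" and strip control characters, so refuse both.
    if ($target === '' || preg_match('/[\x00-\x20\\\\]/', $target)) {
        return false;
    }
    // Scheme-relative URLs ("//host/path") get a scheme so parse_url() exposes the host.
    $parts = parse_url(strncmp($target, '//', 2) === 0 ? 'https:' . $target : $target);
    if ($parts === false || isset($parts['user']) || isset($parts['pass'])) {
        return false;                       // unparsable, or userinfo before the host
    }
    if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;                       // non-HTTP schemes are never redirect targets
    }
    if (!isset($parts['host'])) {
        // No host: accept only root-relative paths such as "/wp-admin/users.php".
        return !isset($parts['scheme']) && isset($parts['path']) && $parts['path'][0] === '/';
    }
    $allowed = array_map('strtolower', array_merge([$siteHost], $extraHosts));
    return in_array(strtolower($parts['host']), $allowed, true);
}

// Constructed inputs (not taken from the advisory) to exercise the check.
$samples = [
    '/wp-admin/term.php?tag_ID=3',
    'https://blog.example/wp-admin/users.php',
    '//other.example/login',
    'https://blog.example@other.example/',
    'javascript:void(0)',
];
foreach ($samples as $url) {
    printf("%-42s %s\n", $url, is_local_redirect($url, 'blog.example') ? 'allow' : 'deny');
}
```

Within WordPress itself, wp_safe_redirect() and wp_validate_redirect() are the core functions intended for this purpose.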

Mitigation

Update to version 4.8.2.

Vulnerable software versions

WordPress: 4.8, 4.8.1

External links

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Path traversal

Risk: Medium

CVSSv3: 7.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2017-14722

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to read arbitrary files on the system.

The vulnerability exists due to insufficient sanitization of user-supplied data in the customizer. A remote attacker can send a specially crafted HTTP request containing directory traversal sequences and view the contents of arbitrary files on the vulnerable system.

Mitigation

Update to version 4.8.2.

Vulnerable software versions

WordPress: 4.8, 4.8.1

External links

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
