Multiple vulnerabilities in WordPress

Published: 2017-11-29 23:44:50
Severity: Low
Patch available: YES
Number of vulnerabilities: 4
CVE ID: CVE-2017-17091, CVE-2017-17093, CVE-2017-17094, CVE-2017-17092
CVSSv3:
  3.2 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
  3.9 [CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
  3.9 [CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
  3.9 [CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CWE ID: CWE-330, CWE-79, CWE-284
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: WordPress
Vulnerable software versions: WordPress 3.7.23, WordPress 3.7.22, WordPress 3.7.21

Vendor URL: WordPress.ORG

Security Advisory

1) Insufficient randomization

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists in the wp-admin/user-new.php script because the newbloguser key uses a deterministic substring that can be derived directly from the user ID. A remote attacker can guess the key and bypass intended access restrictions.
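
The weakness class described above (CWE-330), shown as an added PHP example that is not WordPress's own code: a key derived from the user ID beside one drawn from the CSPRNG, stored hashed and compared in constant time. The function names, the md5-based derivation and the sample user ID are assumptions for illustration; random_bytes() requires PHP 7 or later.

```php
<?php
// Added illustration. All function names are hypothetical, not WordPress code.

// Weak pattern (assumed derivation): the key is a short substring of a digest
// of the user ID, so the same ID always yields the same key and anyone who
// knows or can enumerate the ID can recompute it.
function weak_invite_key(int $user_id): string
{
    return substr(md5((string) $user_id), 0, 5);
}

// Hardened pattern: 128 bits from the OS CSPRNG, unrelated to the user ID.
function strong_invite_key(): string
{
    return bin2hex(random_bytes(16));
}

// Keep only a hash of the key server-side, so a leaked store does not
// reveal usable keys.
function store_invite_key(array &$store, int $user_id, string $key): void
{
    $store[$user_id] = hash('sha256', $key);
}

// Constant-time comparison avoids leaking how many leading characters matched.
function verify_invite_key(array $store, int $user_id, string $presented): bool
{
    if (!isset($store[$user_id])) {
        return false;
    }
    return hash_equals($store[$user_id], hash('sha256', $presented));
}

// Constructed sample values.
$store   = [];
$user_id = 42;
$key     = strong_invite_key();
store_invite_key($store, $user_id, $key);

// The weak key repeats for the same ID; the strong key does not.
var_dump(weak_invite_key($user_id) === weak_invite_key($user_id));
var_dump(strong_invite_key() === strong_invite_key());

// The issued key verifies; a value recomputed from the ID does not.
var_dump(verify_invite_key($store, $user_id, $key));
var_dump(verify_invite_key($store, $user_id, weak_invite_key($user_id)));
```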

Remediation

Update to version 4.9.1.

External links

https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/

2) Cross-site scripting

Description

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability exists due to insufficient sanitization of the language attributes used on HTML elements in the wp-includes/general-template.php script. A remote attacker can bypass implemented filters and execute arbitrary HTML and script code in the victim's browser in the context of the vulnerable website.

Remediation

Update to version 4.9.1.

External links

https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/

3) Cross-site scripting

Description

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability exists due to insufficient sanitization of the attributes of enclosures in RSS and Atom feeds within the wp-includes/feed.php script. A remote attacker can bypass implemented filters and execute arbitrary HTML and script code in the victim's browser in the context of the vulnerable website.

Remediation

Update to version 4.9.1.

External links

https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/

4) Improper access control

Description

The vulnerability allows a remote attacker to upload JavaScript files.

The vulnerability exists due to incorrectly implemented access restrictions in the wp-includes/functions.php script, which allowed users without unfiltered_html permissions to upload JavaScript files. A remote authenticated attacker can upload a malicious JavaScript file and perform XSS or spoofing attacks against website users.

Remediation

Update to version 4.9.1.

External links

https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/