Multiple vulnerabilities in WordPress

Published: 2017-11-29 23:44:50
Severity: Low
Patch available: YES
Number of vulnerabilities: 4
CVSSv2:
  1.9 (AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
  2.6 (AV:N/AC:M/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
  2.6 (AV:N/AC:M/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
  2.6 (AV:N/AC:M/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
CVSSv3:
  3.1 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
  3.7 [CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
  3.7 [CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
  3.7 [CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE ID:
  CVE-2017-17091
  CVE-2017-17093
  CVE-2017-17094
  CVE-2017-17092
CWE ID:
  CWE-330
  CWE-79
  CWE-284
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: WordPress
Vulnerable software versions:
  WordPress 3.7.23
  WordPress 3.7.22
  WordPress 3.7.21
Vendor URL: WordPress.ORG
Advisory type: Public

Security Advisory

1) Insufficient randomization

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists in the wp-admin/user-new.php script because the newbloguser key contains a deterministic substring that can be derived directly from the user ID. A remote attacker can guess the key and bypass intended access restrictions.

Remediation

Update to version 4.9.1.

External links

https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/

2) Cross-site scripting

Description

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability exists due to insufficient sanitization of the language attributes used on HTML elements in the wp-includes/general-template.php script. A remote attacker can bypass implemented filters and execute arbitrary HTML and script code in the victim's browser in the context of the vulnerable website.

Remediation

Update to version 4.9.1.

External links

https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/

3) Cross-site scripting

Description

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability exists due to insufficient sanitization of the attributes of enclosures in RSS and Atom feeds within the wp-includes/feed.php script. A remote attacker can bypass implemented filters and execute arbitrary HTML and script code in the victim's browser in the context of the vulnerable website.

Remediation

Update to version 4.9.1.

External links

https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/

4) Improper access control

Description

The vulnerability allows a remote attacker to upload JavaScript files.

The vulnerability exists due to incorrectly implemented access restrictions in the wp-includes/functions.php script, which allowed users without unfiltered_html permissions to upload JavaScript files. A remote authenticated attacker can upload a malicious JavaScript file and perform XSS or spoofing attacks against website users.

Remediation

Update to version 4.9.1.

External links

https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
