WordPress Multiple Vulnerabilities - September19 (Windows)

Published: 2019-09-09 08:20:00

CVSS Base Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Detection Type:
Remote Banner

Solution Type:
Vendor Patch

Summary:
Wordpress is prone to multiple vulnerabilities.

Technical Details:
The following vulnerabilities exist: - a cross-site scripting (XSS) vulnerability found in post previews by contributors and a cross-site scripting vulnerability in stored comments - an issue where validation and sanitization of a URL could lead to an open redirect - reflected cross-site scripting during media uploads - a vulnerability for cross-site scripting (XSS) in shortcode previews - a case where reflected cross-site scripting could be found in the dashboard - an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.

Affected Versions:
WordPress 5.2.x before 5.2.3, 5.1.x before 5.1.2, 5.0.x before 5.0.6, 4.9.x before 4.9.11, 4.8.x before 4.8.10, 4.7.x before 4.7.14, 4.6.x before 4.6.15, 4.5.x before 4.5.18, 4.4.x before 4.4.19, 4.3.x before 4.3.20, 4.2.x before 4.2.24, 4.1.x before 4.1.27, 4.0.x before 4.0.27, 3.9.x before 3.9.28, 3.8.x before 3.8.30 and all previous versions before 3.7.30.

Detection Method:
Checks if a vulnerable version is present on the target host.

Recommendations:
Update to 5.2.3, 5.1.2, 5.0.6, 4.9.11, 4.8.10, 4.7.14, 4.6.15, 4.5.18, 4.4.19, 4.3.20, 4.2.24, 4.1.27, 4.0.27, 3.9.28, 3.8.30 or 3.7.30 respectively.

References:

https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/

Search
Severity
Medium
CVSS Score
4.3

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.