|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200506-04] Wordpress: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Wordpress: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200506-04
(Wordpress: Multiple vulnerabilities)
Due to a lack of input validation, WordPress is vulnerable to SQL
injection and XSS attacks.
Impact
A possible hacker could use the SQL injection vulnerabilites to gain
information from the database. Furthermore the cross-site scripting
issues give a possible hacker the ability to inject and execute malicious
script code or to steal cookie-based authentication credentials,
potentially compromising the victim's browser.
Workaround
There is no known workaround at this time.
Solution:
All Wordpress users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.5.1.2"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|