WordPress Multiple Vulnerabilities
Last Update Date: 11 Apr 2014 10:05
Release Date: 11 Apr 2014
RISK: Medium Risk
TYPE: Servers - Web Servers
Multiple vulnerabilities have been identified in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
- An error in the cookie keyed hash value verification can be exploited to gain unauthorized access.
- An error when verifying the "publish_post" capability can be exploited to perform otherwise restricted operations, e.g. publishing a new post as a user with the Contributor role.
- Certain unspecified input related to Plupload is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact
- Cross-Site Scripting
- Security Restriction Bypass
System / Technologies affected
- Versions prior to 3.8.2.
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to version 3.8.2.
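A check for the affected-version range above, added here as an example and not part of the original advisory: it reads `$wp_version` from each `wp-includes/version.php` under a directory and flags installs older than 3.8.2. The script name and the `/var/www` path in the comment are assumptions, as is the premise that `version.php` reflects the code actually deployed.

```shell
#!/bin/sh
# Added example (not part of the advisory): find WordPress installs under a
# directory and flag those older than the fixed release named above.
FIXED_VERSION="3.8.2"

# Print $wp_version as declared in a wp-includes/version.php file.
wp_version_of() {
    sed -n 's/^[[:space:]]*[$]wp_version[[:space:]]*=[[:space:]]*.\([0-9][0-9A-Za-z.-]*\).*/\1/p' "$1" |
        head -n 1
}

# Succeed when version $1 is strictly older than version $2.
# Suffixes such as "-beta2" are dropped; missing fields count as 0.
version_lt() {
    a="${1%%-*}.0.0"
    b="${2%%-*}.0.0"
    for i in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$i" | tr -cd '0-9')
        y=$(printf '%s' "$b" | cut -d. -f"$i" | tr -cd '0-9')
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Print "<status> <version> <install path>" for each install under $1.
scan_wordpress() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
        while IFS= read -r f; do
            v=$(wp_version_of "$f")
            if [ -z "$v" ]; then
                status=UNKNOWN
            elif version_lt "$v" "$FIXED_VERSION"; then
                status=VULNERABLE
            else
                status=OK
            fi
            printf '%s %s %s\n' "$status" "${v:--}" "${f%/wp-includes/version.php}"
        done
}

# Scan a web root when one is given, e.g.: sh wp_check.sh /var/www
if [ "$#" -gt 0 ]; then
    scan_wordpress "$1"
fi
```

Installs reported as UNKNOWN have a `version.php` without a parseable `$wp_version` line and need a manual look.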
Vulnerability Identifier
- No CVE information is available