ID CVE-2016-5837
Summary WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
References
Vulnerable Configurations
  • WordPress 4.5.2
    cpe:2.3:a:wordpress:wordpress:4.5.2
CVSS
Base: 5.0 (as of 29-07-2016 - 09:09)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family CGI abuses
    NASL id WORDPRESS_4_5_3.NASL
    description According to its self-reported version number, the WordPress application running on the remote web server is 4.5.x prior to 4.5.3. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw exists in the Customizer component that allows an unauthenticated, remote attacker to perform a redirect bypass. - Multiple cross-site scripting vulnerabilities exist due to improper validation of user-supplied input when handling attachment names. An unauthenticated, remote attacker can exploit these issues, via a specially crafted request, to execute arbitrary script code in a user's browser session. - An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to disclose revision history. - An unspecified flaw exists in oEmbed that allows an unauthenticated, remote attacker to cause a denial of service condition. - An unspecified flaw exists that allows an unauthenticated, remote attacker to remove categories from posts. - An unspecified flaw exists that is triggered when handling stolen cookies. An unauthenticated, remote attacker can exploit this to change user passwords. - Multiple unspecified flaws exist in the sanitize_file_name() function that allow an unauthenticated, remote attacker to have an unspecified impact. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 91810
    published 2016-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91810
    title WordPress 4.5.x < 4.5.3 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BFCC23B63B2711E68E82002590263BF5.NASL
    description Adam Silverstein reports : WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnonenand Divyesh Prajapati; revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen from the Wordfence Research Team; oEmbed denial of service reported by Jennifer Dodd from Automattic; unauthorized category removal from a post, reported by David Herrera from Alley Interactive; password change via stolen cookie, reported by Michael Adams from the WordPress security team; and some less secure sanitize_file_name edge cases reported by Peter Westwood of the WordPress security team.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 91840
    published 2016-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91840
    title FreeBSD : wordpress -- multiple vulnerabilities (bfcc23b6-3b27-11e6-8e82-002590263bf5)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3639.NASL
    description Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions, obtain sensitive revision-history information, or mount a denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 92706
    published 2016-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92706
    title Debian DSA-3639-1 : wordpress - security update
refmap via4
bid 91365
confirm
debian DSA-3639
misc https://wpvulndb.com/vulnerabilities/8520
sectrack 1036163
Last major update 29-11-2016 - 22:07
Published 29-06-2016 - 10:10
Back to Top