ID CVE-2017-9066
Summary In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
References
Vulnerable Configurations
  • cpe:2.3:a:wordpress:wordpress:4.7.4
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-918
CAPEC
nessus via4
  • NASL family CGI abuses
    NASL id WORDPRESS_4_7_5.NASL
    description According to its self-reported version number, the WordPress application running on the remote web server is 4.7.x prior to 4.7.5. It is, therefore, affected by multiple vulnerabilities:
      - A DOM-based cross-site scripting (XSS) vulnerability exists in the uploadSizeError() function within file wp-includes/js/plupload/handlers.js when handling overly large file uploads due to improper validation of user-supplied input to file names before returning it in error messages. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-9061)
      - A flaw exists in the set_custom_fields() function within file wp-includes/class-wp-xmlrpc-server.php when accessing post meta data due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to gain unauthorized access to meta data. (CVE-2017-9062)
      - A stored cross-site scripting (XSS) vulnerability exists within file wp-admin/customize.php script due to improper validation of user-supplied input to the blog name before returning it to users. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-9063)
      - A cross-site request forgery (XSRF) vulnerability exists in the request_filesystem_credentials() function within file /wp-admin/includes/file.php due to a failure to require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to disclose the user credentials. (CVE-2017-9064)
      - A flaw exists in the XML-RPC API, specifically within file wp-includes/class-wp-xmlrpc-server.php in the _insert_post() function, when handling post meta data due to a lack of capability checks. An unauthenticated, remote attacker can exploit this to manipulate posts without having the required capabilities. (CVE-2017-9065)
      - A flaw exists in the WP_Http::request() function within file wp-includes/class-http.php due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to redirect the user to a URL of the attacker's choosing. (CVE-2017-9066)
      Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2017-10-29
    modified 2017-09-21
    plugin id 100298
    published 2017-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100298
    title WordPress 4.7.x < 4.7.5 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1075.NASL
    description In WordPress, there is insufficient redirect validation in the HTTP class, leading to SSRF. For Debian 7 'Wheezy', these problems have been fixed in version 3.6.1+dfsg-1~deb7u16. We recommend that you upgrade your wordpress packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-01-30
    modified 2018-01-29
    plugin id 102824
    published 2017-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102824
    title Debian DLA-1075-1 : wordpress security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4090.NASL
    description Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks, as well as bypass some access restrictions.
    last seen 2018-01-30
    modified 2018-01-29
    plugin id 106109
    published 2018-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106109
    title Debian DSA-4090-1 : wordpress - security update
refmap via4
bid 98509
confirm
debian DSA-4090
misc
sectrack 1038520
Last major update 18-05-2017 - 10:29
Published 18-05-2017 - 10:29
Last modified 18-01-2018 - 13:18