ID CVE-2014-5203
Summary wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.
References
Vulnerable Configurations
  • WordPress 3.9.0
    cpe:2.3:a:wordpress:wordpress:3.9.0
  • WordPress 3.9.1
    cpe:2.3:a:wordpress:wordpress:3.9.1
CVSS
Base: 7.5 (as of 18-08-2014 - 12:29)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-9264.NASL
    description Upstream announcement: http://wordpress.org/news/2014/08/wordpress-3-9-2/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 77312
    published 2014-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77312
    title Fedora 20 : wordpress-3.9.2-3.fc20 (2014-9264)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-9270.NASL
    description Upstream announcement: http://wordpress.org/news/2014/08/wordpress-3-9-2/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 77347
    published 2014-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77347
    title Fedora 19 : wordpress-3.9.2-3.fc19 (2014-9270)
  • NASL family CGI abuses
    NASL id WORDPRESS_3_9_2.NASL
    description According to its version number, the WordPress application hosted on the remote web server is affected by multiple vulnerabilities:
      - An XML injection flaw exists within 'getid3.lib.php' due to the parser accepting XML external entities from untrusted sources. Using specially crafted XML data, a remote attacker could access sensitive information or cause a denial of service. This affects versions 3.6 - 3.9.1, except 3.7.4 and 3.8.4.
      - An XML injection flaw exists within 'xmlrpc.php' due to the parser accepting XML internal entities without properly validating them. Using specially crafted XML data, a remote attacker could cause a denial of service. This affects versions 1.5 - 3.9.1, except 3.7.4 and 3.8.4.
      - An unsafe serialization flaw exists in the script '/src/wp-includes/class-wp-customize-widgets.php' when processing widgets. This could allow a remote attacker to execute arbitrary code. Versions 3.9 and 3.9.1 non-default configurations are affected.
      - A flaw exists when building CSRF tokens due to it not separating pieces by delimiter and not comparing nonces in a time-constant manner. This could allow a remote attacker to conduct a brute force attack and potentially disclose the CSRF token. This affects versions 2.0.3 - 3.9.1, except 3.7.4 and 3.8.4.
      - A cross-site scripting flaw exists in the function 'get_avatar' within the '/src/wp-includes/pluggable.php' script where input from the avatars is not validated before returning it to the user. Using a specially crafted request, an authenticated attacker could execute arbitrary script code within the browser / server trust relationship. This affects version 3.9.1.
      Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 77157
    published 2014-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77157
    title WordPress < 3.7.4 / 3.8.4 / 3.9.2 Multiple Vulnerabilities
refmap via4
confirm
mlist [oss-security] 20140813 Re: WordPress 3.9.2 release - needs CVE's
Last major update 28-08-2014 - 14:06
Published 18-08-2014 - 07:15