[manjaro-security] [arch-security] [ASA-201703-14] wordpress: multiple issues
Remi Gacogne
rgacogne at archlinux.org
Sat Mar 18 18:17:27 CET 2017
Arch Linux Security Advisory ASA-201703-14
==========================================
Severity: Medium
Date : 2017-03-16
CVE-ID : CVE-2017-6814 CVE-2017-6815 CVE-2017-6816 CVE-2017-6817
CVE-2017-6818 CVE-2017-6819
Package : wordpress
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-202
Summary
=======
The package wordpress before version 4.7.3-1 is vulnerable to multiple
issues including cross-site request forgery, cross-site scripting and
insufficient validation.
Resolution
==========
Upgrade to 4.7.3-1.
# pacman -Syu "wordpress>=4.7.3-1"
The problems have been fixed upstream in version 4.7.3.
Workaround
==========
None.
Description
===========
- CVE-2017-6814 (cross-site scripting)
An authenticated cross-site scripting (XSS) vulnerability has been
discovered in WordPress before 4.7.3 via Media File Metadata. This is
demonstrated by both (1) mishandling of the playlist shortcode in the
wp_playlist_shortcode function in wp-includes/media.php and (2)
mishandling of meta information in the renderTracks function in wp-
includes/js/mediaelement/wp-playlist.js.
- CVE-2017-6815 (insufficient validation)
A vulnerability has been discovered in WordPress before 4.7.3 (wp-
includes/pluggable.php) that certain control characters can trick
redirect URL validation.
- CVE-2017-6816 (insufficient validation)
It has been discovered that unintended files can be deleted by
administrators in WordPress before 4.7.3 (wp-admin/plugins.php) using
the plugin deletion functionality.
- CVE-2017-6817 (cross-site scripting)
An authenticated cross-site scripting (XSS) vulnerability has been
discovered in in WordPress before 4.7.3 (wp-includes/embed.php) via
YouTube URL Embeds.
- CVE-2017-6818 (cross-site scripting)
A cross-site scripting (XSS) vulnerability has been discovered in
WordPress before 4.7.3 (wp-admin/js/tags-box.js) via taxonomy term
names.
- CVE-2017-6819 (cross-site request forgery)
A cross-site request forgery (CSRF) vulnerability exists on the Press
This page of WordPress. This issue can be used to create a Denial of
Service (DoS) condition if an authenticated administrator visits a
malicious URL.
Impact
======
A remote attacker is able to execute arbitrary javascript on the
clients machine or perform a denial of service attack against the
server by tricking an administrator to visit a certain site.
Furthermore a malicious administrator is able to delete unintended
files from the server.
References
==========
https://codex.wordpress.org/Version_4.7.3
https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9
https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html
https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
https://security.archlinux.org/CVE-2017-6814
https://security.archlinux.org/CVE-2017-6815
https://security.archlinux.org/CVE-2017-6816
https://security.archlinux.org/CVE-2017-6817
https://security.archlinux.org/CVE-2017-6818
https://security.archlinux.org/CVE-2017-6819
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20170318/db557e97/attachment.pgp>
More information about the manjaro-security
mailing list