WordPress versions 4.7.2 and earlier are affected by six security issues

by CIRT Team

Description:

1. Cross-site scripting (XSS) via media file metadata.
2. Control characters can trick redirect URL validation
3. Unintended files can be deleted by administrators using the plugin deletion functionality
4. Cross-site scripting (XSS) via video URL in YouTube embeds.
5. Cross-site scripting (XSS) via taxonomy term names.
6. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources

Impact: Intruder may perform malicious activity by exploiting above mention vulnerabilities.

Mitigation: Vendor has released new version (WordPress 4.7.3).

Reference URL’s:

• https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
• https://codex.wordpress.org/Version_4.7.3

CIRT Team

Recommended Posts

Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh

06 Nov 2024 - Security Advisories & Alerts

Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages

08 Oct 2024 - Security Advisories & Alerts

Detection of Fog Ransomware Footprint in Cyber Space of Bangladesh

12 Sep 2024 - Security Advisories & Alerts