You are here

T-597: WordPress Multiple Security Vulnerabilities

April 7, 2011 - 5:42am

Addthis

PROBLEM:

WordPress is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. These vulnerabilities include a cross-site request-forgery vulnerability, a denial-of-service vulnerability, and a cross-site scripting vulnerability.

PLATFORM:

WordPress versions prior to 3.1.1 are vulnerable.

ABSTRACT:

Attackers can exploit these issues to perform unauthorized actions in the context of the logged-in user, crash the affected application and therefore deny service to legitimate users, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials or launch other attacks.

reference LINKS:

Security Focus
SecurityTracker

IMPACT ASSESSMENT:

Low

Discussion:

Attackers can exploit these issues to perform unauthorized actions in the context of the logged-in user, crash the affected application and therefore deny service to legitimate users, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials or launch other attacks.

Impact:

An attacker can exploit these issues via a browser.

Solution:

Updates are available. Please see the references for more information.
 

Addthis