- Bill Gates is co-founder of Microsoft, co-chair of the Bill & Melinda Gates Foundation, and founder and chairman of TerraPower. In 1975, Gates founded Microsoft with Paul Allen, and led the company to become the worldwide leader in business and personal software and services.
- https://www.terrapower.com
- https://www.terrapower.com/wp-admin/css/login.min.css?ver=5.4.2
- WordPress 5.4.x < 5.4.2 Multiple Vulnerabilities
- MEDIUM Web Application Scanning Plugin ID 112479
- Synopsis
- WordPress 5.4.x < 5.4.2 Multiple Vulnerabilities
- Description
- According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- - A cross-site scripting (XSS) vulnerability exists in the block editor.
- - A cross-site scripting (XSS) vulnerability exists in media files.
- - An open redirect vulnerability exists in wp_validate_redirect().
- - A cross-site scripting (XSS) vulnerability exists in theme uploads.
- - A privilege escalation vulnerability exists in set-screen-option.
- - An authorization bypass vulnerability exists in password-protected posts and pages.
- Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
- Solution
- Update to WordPress version 5.4.2 or later.
- See Also
- https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
- https://wordpress.org/support/wordpress-version/version-5-4-2/
- Plugin Details
- Severity: Medium
- ID: 112479
- Type: remote
- Family: Component Vulnerability
- Published: 2020/06/26
- Updated: 2020/06/26
- Risk Information
- Risk Factor: Medium
- CVSS v2.0
- Base Score: 4.3
- Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
- CVSS v3.0
- Base Score: 6.1
- Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Vulnerability Information
- CPE: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
- Exploit Available: true
- Patch Publication Date: 2020/06/10
- Vulnerability Publication Date: 2020/06/10
- Reference Information
- CWE: 79, 284, 601
- WASC: Cross-Site Scripting, Insufficient Authorization, URL Redirector Abuse
- OWASP: 2010-A10, 2010-A2, 2010-A4, 2010-A8, 2013-A10, 2013-A3, 2013-A4, 2013-A7, 2013-A9, 2017-A5, 2017-A7, 2017-A9
- OWASP_API: 2019-API7