ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0254
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0254)
Resumen:	The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2014-0254 advisory.
Descripción:	Summary: The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2014-0254 advisory. Vulnerability Insight: Updated wordpress package fixes security vulnerabilities: WordPress before 3.7.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php (CVE-2014-0165). The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie (CVE-2014-0166). The wordpress package has been updated to version 3.9.1, fixing these and other issues. Affected Software/OS: 'wordpress' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0165 Debian Security Information: DSA-2901 (Google Search) http://www.debian.org/security/2014/dsa-2901 Common Vulnerability Exposure (CVE) ID: CVE-2014-0166
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.