Test ID:	1.3.6.1.4.1.25623.1.0.809895
Category:	Web application abuses
Title:	WordPress Multiple Vulnerabilities (Mar 2017) - Windows
Summary:	WordPress is prone to multiple vulnerabilities.
Description:	Summary: WordPress is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - A cross-site scripting (XSS) vulnerability in media file metadata. - An improper URL validation. - Unintended files can be deleted by administrators using the plugin deletion functionality. - A cross-site scripting (XSS) in video URL in YouTube embeds. - A Cross-site request forgery (CSRF) in Press. Vulnerability Impact: Successfully exploiting will allow remote attacker to create a specially crafted URL, execute arbitrary script code in an user's browser session within the trust relationship between their browser and the server and leading to excessive use of server resources. Affected Software/OS: WordPress versions 4.7.2 and prior on Windows. Solution: Update to WordPress version 4.7.3 or later. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6804 Common Vulnerability Exposure (CVE) ID: CVE-2017-6815 BugTraq ID: 96600 http://www.securityfocus.com/bid/96600 Debian Security Information: DSA-3815 (Google Search) http://www.debian.org/security/2017/dsa-3815 https://codex.wordpress.org/Version_4.7.3 https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ https://wpvulndb.com/vulnerabilities/8766 http://www.securitytracker.com/id/1037959 Common Vulnerability Exposure (CVE) ID: CVE-2017-6814 BugTraq ID: 96601 http://www.securityfocus.com/bid/96601 http://openwall.com/lists/oss-security/2017/03/06/8 https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7 https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html https://wpvulndb.com/vulnerabilities/8765 Common Vulnerability Exposure (CVE) ID: CVE-2017-6816 BugTraq ID: 96598 http://www.securityfocus.com/bid/96598 https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663 https://wpvulndb.com/vulnerabilities/8767 Common Vulnerability Exposure (CVE) ID: CVE-2017-6818 https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9 https://wpvulndb.com/vulnerabilities/8769 Common Vulnerability Exposure (CVE) ID: CVE-2017-6817 https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8 https://wpvulndb.com/vulnerabilities/8768 Common Vulnerability Exposure (CVE) ID: CVE-2017-6819 BugTraq ID: 96602 http://www.securityfocus.com/bid/96602 http://openwall.com/lists/oss-security/2017/03/06/7 https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829 https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html https://wpvulndb.com/vulnerabilities/8770
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.