Bug 454036 - <www-apps/wordpress-3.5.1: multiple vulnerabilities (CVE-2013-{0235,0236,0237})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://secunia.com/advisories/51967/
Whiteboard: ~4 [noglsa]
Reported: 2013-01-25 15:58 UTC by Agostino Sarubbo
Modified: 2013-08-27 16:34 UTC
Description Agostino Sarubbo gentoo-dev 2013-01-25 15:58:54 UTC
From $URL :

Description
Multiple vulnerabilities have been reported in Wordpress, which can be exploited by malicious users 
to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks 
and disclose sensitive data.

1) Certain unspecified input related to shortcodes and post content is not properly sanitised 
before being returned to the user. This can be exploited to execute arbitrary HTML and script code 
in a user's browser session in context of an affected site.

2) Certain unspecified input related to Plupload is not properly sanitised before being returned to 
the user. This can be exploited to execute arbitrary HTML and script code in a user's browser 
session in context of an affected site.

3) Input passed via the "sourceUri" parameter to the "pingback.ping" XMLRPC API method is not 
properly sanitised before being used. This can be exploited to e.g. disclose sensitive data.

The vulnerabilities are reported in versions prior to 3.5.1.


Solution
Update to version 3.5.1.

Provided and/or discovered by
The vendor credits:
1) Jon Cave, WordPress security team.
2) Moxiecode.
3) Gennady Kovshenin and Ryan Dewhurst.

Original Advisory
WordPress:
http://wordpress.org/news/2013/01/wordpress-3-5-1/
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2013-02-26 00:13:59 UTC
Closing noglsa for ~arch only.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-08-27 16:34:15 UTC
CVE-2013-0237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0237):
  Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode
  plupload before 1.5.5, as used in WordPress before 3.5.1 and other products,
  allows remote attackers to inject arbitrary web script or HTML via the id
  parameter.

CVE-2013-0236 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0236):
  Multiple cross-site scripting (XSS) vulnerabilities in WordPress before
  3.5.1 allow remote attackers to inject arbitrary web script or HTML via
  vectors involving (1) gallery shortcodes or (2) the content of a post.

CVE-2013-0235 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0235):
  The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send
  HTTP requests to intranet servers, and conduct port-scanning attacks, by
  specifying a crafted source URL for a pingback, related to a Server-Side
  Request Forgery (SSRF) issue.