Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 454036

Summary: <www-apps/wordpress-3.5.1: multiple vulnerabilities (CVE-2013-{0235,0236,0237})
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: tampakrap
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://secunia.com/advisories/51967/
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-01-25 15:58:54 UTC 
From $URL :

Description
Multiple vulnerabilities have been reported in Wordpress, which can be exploited by malicious users 
to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks 
and disclose sensitive data.

1) Certain unspecified input related to shortcodes and post content is not properly sanitised 
before being returned to the user. This can be exploited to execute arbitrary HTML and script code 
in a user's browser session in context of an affected site.

2) Certain unspecified input related to Plupload is not properly sanitised before being returned to 
the user. This can be exploited to execute arbitrary HTML and script code in a user's browser 
session in context of an affected site.

3) Input passed via the "sourceUri" parameter to the "pingback.ping" XMLRPC API method is not 
properly sanitised before being used. This can be exploited to e.g. disclose sensitive data.

The vulnerabilities are reported in versions prior to 3.5.1.


Solution
Update to version 3.5.1.

Provided and/or discovered by
The vendor credits:
1) Jon Cave, WordPress security team.
2) Moxiecode.
3) Gennady Kovshenin and Ryan Dewhurst.

Original Advisory
WordPress:
http://wordpress.org/news/2013/01/wordpress-3-5-1/
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2013-02-26 00:13:59 UTC 
Closing noglsa for ~arch only.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-08-27 16:34:15 UTC 
CVE-2013-0237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0237):
  Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode
  plupload before 1.5.5, as used in WordPress before 3.5.1 and other products,
  allows remote attackers to inject arbitrary web script or HTML via the id
  parameter.

CVE-2013-0236 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0236):
  Multiple cross-site scripting (XSS) vulnerabilities in WordPress before
  3.5.1 allow remote attackers to inject arbitrary web script or HTML via
  vectors involving (1) gallery shortcodes or (2) the content of a post.

CVE-2013-0235 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0235):
  The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send
  HTTP requests to intranet servers, and conduct port-scanning attacks, by
  specifying a crafted source URL for a pingback, related to a Server-Side
  Request Forgery (SSRF) issue.