WordPress Cross Site Scripting And Directory Traversal Vulnerabilities
Bugtraq ID: | 92841 |
Class: | Input Validation Error |
CVE: | CVE-2016-7168, CVE-2016-7169 |
Remote: | Yes |
Local: | No |
Published: | Sep 07 2016 12:00AM |
Updated: | Oct 03 2016 12:03AM |
Credit: | SumOfPwn researcher Cengiz Han Sahin and Dominik Schilling of WordPress. |
Vulnerable: | WordPress 4.5.2, 4.5.1, 4.5, 4.4.1, 4.4, 4.2.4, 4.2.3, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.1, 3.9.2, 3.9.1, 3.8.2, 3.8.1, 3.7.4, 3.7.1, 3.6.1, 3.5.2, 3.5.1, 3.3.2, 3.2.2, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 2.9.2, 2.9.1, 2.8.6, 2.8.5, 2.8.4, 2.8.3, 2.8.2, 2.8.1, 2.6.5, 2.6.2, 2.6.1, 2.5.1, 2.3.3, 2.3.2, 2.3.1, 2.2.3, 2.2.2, 2.2.1, 2.1.3, 2.1.2, 2.1.1, 2.0.11, 2.0.10, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0, 1.5.2, 1.5.1 .3, 1.5.1 .2, 1.5.1, 1.5, 1.3.1, 1.2.2, 1.2.1, 1.2, 0.6.2, 4.6, 4.5.3, 4.4.2, 4.3.1, 4.3, 4.2, 4.0.1, 4.0, 3.9.3, 3.9, 3.8.5, 3.8.4, 3.8.3, 3.8, 3.7.5, 3.7, 3.6, 3.5, 3.4.2, 3.4.1, 3.4, 3.3.3, 3.3.1, 3.3, 3.2.1, 3.2, 3.1, 3.0.6, 3.0.1, 2.9.1.1, 2.9, 2.8.5.2, 2.8.5.1, 2.8, 2.7.1, 2.7, 2.6.3, 2.6, 2.5, 2.3, 2.2, 2.1, 2.0.9, 2.0.8, 1.6.2, 1.6, 1.5.1.1, 1.5, 1.4, 1.3.3, 1.3.2, 1.3, 1.2.5, 1.2.4, 1.2.3, 1.1.1, 1.0.2, 1.0.1, 0.72, 0.711, 0.71, 0.7, 0.6.2.1; Debian Linux 6.0 (sparc, s/390, powerpc, mips, ia-64, ia-32, arm, amd64) |
Not Vulnerable: | WordPress 4.6.1 |
Discussion
WordPress is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
A remote attacker can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and gain access to sensitive information, which may aid in launching further attacks.
Versions prior to WordPress 4.6.1 are vulnerable.
Exploit / POC
Currently, we are not aware of any working exploits.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Media: Sanitize upload filename. (WordPress)
- WordPress HomePage (WordPress)
- Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`. (WordPress)
- WordPress 4.6.1 Security and Maintenance Release (WordPress)