wordpress

• Author: voroskoi
• Vulnerable: 2.1.2-1
• Unaffected: 2.1.3-1terminus1

g30rg3_x has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the “year” parameter when used in wp_title() is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. A vulnerability has been discovered in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the “PHP_SELF” variable is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. Sumit Siddharth has discovered two vulnerabilities in WordPress, which can be exploited by malicious users to conduct SQL injection attacks or to bypass certain security restrictions.

1. Input passed to the “mt.setPostCategories” method in xmlrpc.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows e.g. retrieving usernames and password hashes, but requires valid user credentials.
2. A vulnerability is caused due to improper authentication verification in xmlrpc.php. A user with contributor permissions can exploit this issue to publish posts. Successful exploitation requires valid user credentials.

• Bug Tracker URL: http://bugs.frugalware.org/task/1837

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1894
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1622
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1893
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1897