Arch Linux Security Advisory ASA-201701-22
==========================================

Severity: High
Date    : 2017-01-15
CVE-ID  : CVE-2016-10033 CVE-2016-10045 CVE-2017-5487 CVE-2017-5488
          CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492
          CVE-2017-5493
Package : wordpress
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-142

Summary
=======

The package wordpress before version 4.7.1-1 is vulnerable to multiple
issues including arbitrary code execution, cross-site scripting, access
restriction bypass, cross-site request forgery and insufficient
validation.

Resolution
==========

Upgrade to 4.7.1-1.

# pacman -Syu "wordpress>=4.7.1-1"

The problems have been fixed upstream in version 4.7.1.

Workaround
==========

None.

Description
===========

- CVE-2016-10033 (arbitrary code execution)

A vulnerability has been discovered in PHPMailer that could potentially be
used by unauthenticated remote attackers to achieve remote arbitrary code
execution in the context of the web server user and remotely compromise the
target web application. This issue can be triggered by passing a
maliciously crafted expression to the vulnerable application.

- CVE-2016-10045 (arbitrary code execution)

It has been discovered that the first patch for CVE-2016-10033 in PHPMailer
was incomplete and could potentially still be used by unauthenticated
remote attackers to achieve remote arbitrary code execution in the context
of the web server user and remotely compromise the target web application.
This issue can be triggered by passing a maliciously crafted expression to
the vulnerable application.

- CVE-2017-5487 (access restriction bypass)

A vulnerability has been discovered in wordpress exposing user data, via
the REST API, for all users who had authored a post of a public post type.
wordpress 4.7.1 limits this to post types which have explicitly specified
that they should be shown within the REST API.

- CVE-2017-5488 (cross-site scripting)

A cross-site scripting (XSS) vulnerability has been discovered in wordpress
via the plugin name or version header on update-core.php.

- CVE-2017-5489 (cross-site request forgery)

A cross-site request forgery (CSRF) bypass has been discovered in wordpress
via uploading a Flash file.

- CVE-2017-5490 (cross-site scripting)

A cross-site scripting (XSS) vulnerability has been discovered in wordpress
via the theme name fallback.

- CVE-2017-5491 (access restriction bypass)

A vulnerability has been discovered in wordpress that allows posting via
email, because the post-by-email check is performed against the placeholder
mail.example.com when the default settings have not been changed.

- CVE-2017-5492 (cross-site request forgery)

A cross-site request forgery (CSRF) vulnerability has been discovered in
wordpress in the accessibility mode of widget editing.

- CVE-2017-5493 (insufficient validation)

An insufficient validation vulnerability has been discovered in wordpress
leading to weak cryptographic security for the multisite activation key.

Impact
======

A remote attacker is able to perform a cross-site scripting or cross-site
request forgery attack or possibly execute arbitrary code on the affected
host.

References
==========

https://bugs.archlinux.org/task/52555
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-...
http://seclists.org/oss-sec/2017/q1/95
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2...
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2...
https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb...
https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca...
https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8ae...
https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df27...
https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842b...
https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1...
https://security.archlinux.org/CVE-2016-10033
https://security.archlinux.org/CVE-2016-10045
https://security.archlinux.org/CVE-2017-5487
https://security.archlinux.org/CVE-2017-5488
https://security.archlinux.org/CVE-2017-5489
https://security.archlinux.org/CVE-2017-5490
https://security.archlinux.org/CVE-2017-5491
https://security.archlinux.org/CVE-2017-5492
https://security.archlinux.org/CVE-2017-5493
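The Resolution section above names the fixed package version (4.7.1-1); a fleet-wide check for it needs a version comparison that follows pacman's epoch:pkgver-pkgrel ordering rather than a plain string compare (for example, "4.7-1" must sort below "4.7.1-1" and a "rc" suffix below the final release). The following is an added example, not part of the advisory or of any Arch tooling: a small Python script that parses `pacman -Q` output and reports whether the installed wordpress package is older than the fixed version. The comparison is a simplified re-implementation of pacman's vercmp that is assumed to match it for ordinary version strings; the sample `pacman -Q` lines are constructed, and on a real Arch host you would shell out to `vercmp` instead.

```python
"""Check an installed wordpress package against the fix version in ASA-201701-22.

Added example, not part of the advisory. The version ordering below is a
simplified re-implementation of pacman's vercmp (an assumption; for production
use call the real `vercmp` binary that ships with pacman).
"""
import re
import subprocess

FIXED_VERSION = "4.7.1-1"  # fixed version named in the advisory


def split_version(v):
    """Split 'epoch:pkgver-pkgrel' into (epoch, pkgver, pkgrel); epoch defaults to 0."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    if "-" in v:
        pkgver, pkgrel = v.rsplit("-", 1)
    else:
        pkgver, pkgrel = v, None
    return epoch, pkgver, pkgrel


def _segments(s):
    # Alternating numeric and alphabetic runs; separators such as '.' are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)


def compare_segments(a, b):
    """Return -1, 0 or 1 ordering two pkgver/pkgrel strings segment by segment."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit():
            return 1   # a numeric segment sorts after an alphabetic one
        elif y.isdigit():
            return -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    longer, sign = (sa, 1) if len(sa) > len(sb) else (sb, -1)
    rest = longer[min(len(sa), len(sb))]
    # A trailing numeric segment (4.7.1 vs 4.7) means newer; a trailing
    # alphabetic one (4.7.1rc1 vs 4.7.1) means a pre-release, so older.
    return sign if rest.isdigit() else -sign


def vercmp(a, b):
    """Compare two pacman-style versions: negative if a < b, 0 if equal, positive if a > b."""
    ea, va, ra = split_version(a)
    eb, vb, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    c = compare_segments(va, vb)
    if c != 0:
        return c
    if ra is not None and rb is not None:
        return compare_segments(ra, rb)
    return 0


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed version is strictly older than the fixed one."""
    return vercmp(installed, fixed) < 0


# Constructed sample of `pacman -Q` output for an unpatched host.
SAMPLE_PACMAN_Q = """\
php 7.1.0-2
wordpress 4.7-1
"""


def check_pacman_output(text, package="wordpress", fixed=FIXED_VERSION):
    """Parse `pacman -Q` lines; return (installed_version, vulnerable), or (None, None) if absent."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == package:
            return parts[1], is_vulnerable(parts[1], fixed)
    return None, None


if __name__ == "__main__":
    try:
        out = subprocess.run(["pacman", "-Q", "wordpress"],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_PACMAN_Q  # not an Arch host: fall back to the constructed sample
    version, vulnerable = check_pacman_output(out)
    if version is None:
        print("wordpress is not installed")
    elif vulnerable:
        print(f"wordpress {version} is below {FIXED_VERSION}: apply ASA-201701-22")
    else:
        print(f"wordpress {version} is at or above {FIXED_VERSION}")
```

Run it on an Arch host to query pacman directly; anywhere else it falls back to the constructed sample and reports that 4.7-1 needs the upgrade. Feeding it `pacman -Q` output collected from many hosts (one file per host) gives a quick triage list for this advisory.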