
XSS Vulnerability on a Website

The document summarizes numerous vulnerabilities identified in versions of WordPress between 1.5.0 and 5.2.3, including cross-site scripting, SQL injection, arbitrary file deletion, and other issues. A total of 88 vulnerabilities were identified in the version 3.9.2 of WordPress running on the site. Many of the vulnerabilities were addressed in subsequent WordPress version releases.

Uploaded by sandra

https://bbg.co.id/ (114.141.55.47) is hosted on Pt Cyberplus Media Pratama

Tested from United States on Oct 4, 2021 6:07 AM

WordPress Version: 3.9.2
Plugins Identified: 1
Admin exposed: No
Vulnerable: Yes
Blacklisted: No
HTTPS: Yes

Admin Console (hidden)

Well done! The WordPress admin console is not accessible on the default URL. It’s a
great way to prevent brute force attacks.

Blacklisted (safe)

Well done! All looks okay.


If not already, you may want to implement WAF (Web Application Firewall) for
continuous security to further harden and tighten the WordPress site.

HTTPS (on)

Well done! The WordPress site is accessible over https://

WordPress Core (insecure)

Version 3.9.2 identified by Rss Generator (Passive Detection), released on August 5, 2014

https://bbg.co.id/feed/, <generator>http://wordpress.org/?v=3.9.2</generator>

https://bbg.co.id/comments/feed/, <generator>http://wordpress.org/?v=3.9.2</generator>

https://bbg.co.id/home/feed/, <generator>http://wordpress.org/?v=3.9.2</generator>

Total 88 vulnerabilities identified

WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout


Fixed in 4.0

https://wpvulndb.com/vulnerabilities/8ee5c93f-6dd4-4001-b805-0d62a2475932

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5868

http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/leveraging-lfi-to-get-full-compromise-on-wordpress-sites/

WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)


Fixed in 4.0

https://wpvulndb.com/vulnerabilities/a30dff57-91a5-433e-8282-90d0115ddcca

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9031

https://klikki.fi/adv/wordpress.html

https://wordpress.org/news/2014/11/wordpress-4-0-1/

https://klikki.fi/adv/wordpress_update.html

WordPress <= 4.0 - Long Password Denial of Service (DoS)

Fixed in 4.0.1

https://wpvulndb.com/vulnerabilities/aa6a0791-5d59-4c80-b943-bfec7fff7862

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9034

http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html

https://wordpress.org/news/2014/11/wordpress-4-0-1/

WordPress <= 4.0 - Server Side Request Forgery (SSRF)

https://wpvulndb.com/vulnerabilities/894714e0-e582-4ae8-86d2-9826604bd823

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9038

https://www.securityfocus.com/bid/71234/

https://core.trac.wordpress.org/changeset/30444

WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists


Fixed in 4.0.1

https://wpvulndb.com/vulnerabilities/4fa374b3-53c6-48d0-bdf8-5ef1c0aa9316

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9032

https://core.trac.wordpress.org/changeset/30422

WordPress <= 4.1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

Fixed in 4.1.2

WordPress <= 4.0 - CSRF in wp-login.php Password Reset

Fixed in 4.0.1

WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)

Fixed in 3.9.7

https://wpvulndb.com/vulnerabilities/0f027d7d-674b-4a63-9603-25ea68069c1d

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5622

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5623

https://wordpress.org/news/2015/07/wordpress-4-2-3/

https://twitter.com/klikkioy/status/624264122570526720

https://klikki.fi/adv/wordpress3.html

WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection


Fixed in 3.9.8

https://wpvulndb.com/vulnerabilities/0f027d7d-674b-4a63-9603-25ea68069c1d

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5622

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5623

https://wordpress.org/news/2015/07/wordpress-4-2-3/

https://twitter.com/klikkioy/status/624264122570526720

https://klikki.fi/adv/wordpress3.html

WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
Fixed in 3.9.8

https://wpvulndb.com/vulnerabilities/b52728fa-c068-4098-b796-ce421f31bde5

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2213

https://github.com/WordPress/WordPress/commit/70128fe7605cb963a46815cf91b0a5934f70eff5

WordPress <= 4.2.3 - Timing Side Channel Attack


Fixed in 3.9.8

https://wpvulndb.com/vulnerabilities/3c4fe98d-04dd-4217-945d-11e06a173916

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5730

https://core.trac.wordpress.org/changeset/33536

WordPress <= 4.2.3 - Widgets Title Cross-Site Scripting (XSS)


Fixed in 3.9.8

https://wpvulndb.com/vulnerabilities/32787617-081f-4743-a9a7-5dd6642308b2

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5732

https://core.trac.wordpress.org/changeset/33529

WordPress <= 4.2.3 - Nav Menu Title Cross-Site Scripting (XSS)

WordPress <= 4.2.3 - Legacy Theme Preview Cross-Site Scripting (XSS)

WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)


Fixed in 3.9.9

WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)

WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue

WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)


Fixed in 3.9.10

WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)


Fixed in 3.9.11

WordPress 3.7-4.4.1 - Open Redirect


Fixed in 3.9.11

WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexadecimal IP addresses

Fixed in 4.5

WordPress <= 4.4.2 - Reflected XSS in Network Settings


Fixed in 4.5

WordPress <= 4.4.2 - Script Compression Option CSRF

Fixed in 4.5

WordPress <= 4.5.1 - Plupload Same Origin Method Execution (SOME)


Fixed in 3.9.12

WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure


Fixed in 3.9.13

WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post


Fixed in 3.9.13

WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename


Fixed in 3.9.14

WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader


Fixed in 3.9.14

WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php


Fixed in 3.9.15

WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
Fixed in 3.9.15

WordPress <= 4.7 - Post via Email Checks mail.example.com by Default


Fixed in 3.9.15

WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)


Fixed in 3.9.15

WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)


Fixed in 3.9.15

WordPress 3.5-4.7.1 - WP_Query SQL Injection


Fixed in 3.9.16

WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata

Fixed in 3.9.17

WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation


Fixed in 3.9.17

WordPress 2.3-4.8.3 - Host Header Injection in Password Reset

WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation


Fixed in 3.9.19

WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC


Fixed in 3.9.19

WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks

Fixed in 3.9.19

WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF

Fixed in 3.9.19

WordPress 3.3-4.7.4 - Large File Upload Error XSS

Fixed in 3.9.19

WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF


Fixed in 3.9.19

WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection


Fixed in 3.9.20

WordPress 2.3.0-4.7.4 - Authenticated SQL injection


Fixed in 4.7.5

WordPress 2.9.2-4.8.1 - Open Redirect


Fixed in 3.9.20

WordPress 3.0-4.8.1 - Path Traversal in Unzipping

Fixed in 3.9.20

WordPress <= 4.8.2 - $wpdb->prepare() Weakness

Fixed in 3.9.21

WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload

Fixed in 3.9.22

WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping

Fixed in 3.9.22

WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing

Fixed in 3.9.22

WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)

Fixed in 3.9.23

WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)

WordPress 3.7-4.9.4 - Remove localhost Default

Fixed in 3.9.24

WordPress 3.7-4.9.4 - Use Safe Redirect for Login

Fixed in 3.9.24

WordPress 3.7-4.9.4 - Escape Version in Generator Tag

Fixed in 3.9.24

WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion

Fixed in 3.9.25

WordPress <= 5.0 - Authenticated File Delete


Fixed in 3.9.26

WordPress <= 5.0 - Authenticated Post Type Bypass

Fixed in 3.9.26

WordPress <= 5.0 - PHP Object Injection via Meta Data

Fixed in 3.9.26

WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)

Fixed in 3.9.26

WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins

Fixed in 3.9.26

WordPress <= 5.0 - User Activation Screen Search Engine Indexing

Fixed in 3.9.26

WordPress <= 5.0 - File Upload to XSS on Apache Web Servers

Fixed in 3.9.26

WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution


Fixed in 5.0.1

WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)

Fixed in 3.9.27

WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation


Fixed in 3.9.28

WordPress <= 5.2.3 - Stored XSS in Customizer

Fixed in 3.9.29

WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts

Fixed in 3.9.29

WordPress <= 5.2.3 - Stored XSS in Style Tags

Fixed in 3.9.29

WordPress <= 5.2.3 - JSON Request Cache Poisoning

Fixed in 3.9.29

WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation

Fixed in 3.9.29

WordPress <= 5.2.3 - Admin Referrer Validation


Fixed in 3.9.29

WordPress <= 5.3 - Authenticated Improper Access Controls in REST API

Fixed in 3.9.30

WordPress <= 5.3 - Authenticated Stored XSS via Crafted Links

Fixed in 3.9.30

WordPress <= 5.3 - Authenticated Stored XSS via Block Editor Content

Fixed in 3.9.30

WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass

Fixed in 3.9.30

WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated

Fixed in 3.9.31

WordPress < 5.4.1 - Unauthenticated Users View Private Posts

Fixed in 3.9.31

WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Customizer

Fixed in 3.9.31

WordPress < 5.4.1 - Cross-Site Scripting (XSS) in wp-object-cache

Fixed in 3.9.31

WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File Uploads


Fixed in 3.9.31

WordPress <= 5.2.3 - Hardening Bypass


Fixed in 3.9.29

WordPress < 5.4.2 - Authenticated XSS via Media Files

Fixed in 3.9.32

WordPress < 5.4.2 - Open Redirection


Fixed in 3.9.32

WordPress < 5.4.2 - Authenticated Stored XSS via Theme Upload

Fixed in 3.9.32

WordPress < 5.4.2 - Misuse of set-screen-option Leading to Privilege Escalation

Fixed in 3.9.32

WordPress < 5.4.2 - Disclosure of Password-Protected Page/Post Comments


Fixed in 3.9.32

WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer
