HackDig : Dig high-quality web security articles for hacker

WordPress 4.7.3 is out to fix 6 security issues, but CSRF flaw remains unpatched

2017-03-08 06:00

WordPress 4.7.3 release is out to fix six security issues, but a CSRF vulnerability discovered in July 2016 remains unpatched.

WordPress has issued a new security releasethe WordPress 4.7.3 release, that addresses six security flaws, including three cross-site scripting (XSS) vulnerabilities.  The flaws were discovered by the security experts Chris Andrè Dale, Yorick Koster, Simon P. Briggs, Marc Montpas and a user that goes online with the moniker “Delta.”

The XSS vulnerabilities can be exploited via media file metadata, video URLs in YouTube embeds, and taxonomy term names.

WordPress 4.7.3

Below the list of vulnerabilities addressed by the WordPress 4.7.3 release:

  1. Cross-site scripting (XSS) via media file metadata.  Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs.
  2. Control characters can trick redirect URL validation.  Reported by Daniel Chatfield.
  3. Unintended files can be deleted by administrators using the plugin deletion functionality.  Reported by xuliang.
  4. Cross-site scripting (XSS) via video URL in YouTube embeds.  Reported by Marc Montpas.
  5. Cross-site scripting (XSS) via taxonomy term names.  Reported by Delta.
  6. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.  Reported by Sipke Mellema.

It is interesting to note that both CSRF and XSS flaws were discovered in July 2016 during the Summer of Pwnage competition organized by the security firm Securify. The researchers released proof-of-concept (PoC) code to exploit both issues.

According to Koster, who spotted the vulnerabilities in the playlist functionality, the attacker needs to convince an editor or administrator into uploading an MP3 file containing specially crafted metadata. Using this trick the attacker’s malicious code attacker’s code will be executed when the metadata is processed by the renderTracks() or wp_playlist_shortcode() functions.

However, there is a CSRF vulnerability in WordPress that still has not been patched, the flaw was discovered in July 2016 and the details for the exploitation were not disclosed.

The flaw could be exploited by an attacker to steal FTP and SSH login credentials.

The security expert Cengiz Han Sahin explained this vulnerability may have a high impact, but the probability of exploitation is low.

Pierluigi Paganini

(Security Affairs – WordPress 4.7.3, hacking)

The post WordPress 4.7.3 is out to fix 6 security issues, but CSRF flaw remains unpatched appeared first on Security Affairs.


Source: lmth.ytiruces-3-7-4-sserpdrow/gnikcah/35965/sserpdrow/oc.sriaffaytiruces

Read:2630 | Comments:0 | Tags:Breaking News Hacking CMS CSRF Pierluigi Paganini Security A

“WordPress 4.7.3 is out to fix 6 security issues, but CSRF flaw remains unpatched”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud