Multiple vulnerabilities have been discovered in WordPress content management system (CMS), which could allow for unauthenticated privilege escalation. WordPress is an open source content management system for websites. Successful exploitation of these vulnerabilities could allow for unauthenticated privilege escalation allowing the attacker to compromise the affected website, or allow access to or modify data on the website.
- WordPress versions 4.7.1 and earlier
WordPress issued a security and maintenance release which fixes multiple vulnerabilities in versions 4.7.1 and earlier. This security and maintenance release addresses the following vulnerabilities:
- An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.
- The user interface for assigning taxonomy terms in "Press This" is shown to users who do not have permissions to use it.
- "WP_Query" is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but additional hardening was added to prevent plugins and themes from accidentally causing a vulnerability.
- A cross-site scripting (XSS) vulnerability was discovered in the posts list table.
Successful exploitation of these vulnerabilities could allow for unauthorized privilege escalation allowing an attacker to compromise the affected website, or allow access to or modify data on the website.
- Ensure no unauthorized systems changes have occurred before applying patches.
- After appropriate testing, update WordPress CMS to the latest version.
- Run all software as a non-privileged user to diminish effects of a successful attack.
- Review and follow WordPress hardening guidelines - http://codex.wordpress.org/Hardening_WordPress.