Multiple Vulnerabilities in WordPress Content Management System Could Allow for Unauthenticated Privilege Escalation

ITS Advisory Number: 2017-011
Date(s) Issued: Thursday, February 2, 2017
Subject: Multiple Vulnerabilities in WordPress Content Management System Could Allow for Unauthenticated Privilege Escalation
Overview: 

Multiple vulnerabilities have been discovered in the WordPress content management system (CMS), which could allow for unauthenticated privilege escalation. WordPress is an open source content management system for websites. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to escalate privileges and compromise the affected website, or to access or modify data on the website.

Systems Affected: 
  • WordPress versions 4.7.1 and earlier
Risk:
  Government
    • Large and medium government entities: High
    • Small government entities: Medium
  Business
    • Large and medium business entities: High
    • Small business entities: Medium
  Home Users: Low
Description: 

WordPress has issued a security and maintenance release that fixes multiple vulnerabilities present in versions 4.7.1 and earlier. This security and maintenance release addresses the following vulnerabilities:

  • An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.
  • The user interface for assigning taxonomy terms in "Press This" is shown to users who do not have permissions to use it.
  • "WP_Query" is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but additional hardening was added to prevent plugins and themes from accidentally causing a vulnerability.
  • A cross-site scripting (XSS) vulnerability was discovered in the posts list table.

Successful exploitation of these vulnerabilities could allow for unauthorized privilege escalation, allowing an attacker to compromise the affected website, or to access or modify data on the website.

Actions: 
  • Ensure no unauthorized system changes have occurred before applying patches.
  • After appropriate testing, update WordPress CMS to the latest version.
  • Run all software as a non-privileged user to diminish the effects of a successful attack.
  • Review and follow the WordPress hardening guidelines: http://codex.wordpress.org/Hardening_WordPress.
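To support the first two actions above, a site operator needs to know which WordPress version each install is actually running. The following Python script is an added example (not part of this advisory or of WordPress itself): it reads the `$wp_version` assignment that WordPress keeps in `wp-includes/version.php`, and flags the install if the version falls in the affected range stated above (4.7.1 and earlier). The sample `version.php` contents and the install path used in the block are constructed for illustration.

```python
import re
import sys
from pathlib import Path
from typing import Optional

# Highest affected release named in the advisory: 4.7.1 and earlier.
LAST_AFFECTED = (4, 7, 1)

# WordPress stores its version as a PHP string assignment, e.g. $wp_version = '4.7.1';
VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]\s*;")

# Constructed sample of an affected install's version.php (not a real file).
SAMPLE_VERSION_PHP = """<?php
/**
 * WordPress Version
 */
$wp_version = '4.7.1';
$wp_db_version = 38590;
"""


def parse_version(text: str) -> tuple:
    """Convert '4.7.1', '4.7' or '4.7.2-alpha' into a 3-tuple of ints.

    Pre-release suffixes are dropped for the numeric comparison; confirm such
    builds against the WordPress changelog rather than trusting this check alone.
    """
    core = text.split("-")[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    while len(parts) < 3:          # pad so 4.7 compares as 4.7.0
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True when the version is within the advisory's affected range."""
    return parse_version(version) <= LAST_AFFECTED


def version_from_php(content: str) -> Optional[str]:
    """Extract the $wp_version string from version.php contents, if present."""
    match = VERSION_RE.search(content)
    return match.group(1) if match else None


def audit(content: str) -> dict:
    """Return a verdict for one version.php file's contents."""
    version = version_from_php(content)
    if version is None:
        return {"version": None, "affected": None, "note": "no $wp_version found"}
    return {"version": version, "affected": is_affected(version), "note": ""}


def audit_install(wp_root: str) -> dict:
    """Audit a WordPress install by path (hypothetical path supplied by caller)."""
    path = Path(wp_root) / "wp-includes" / "version.php"
    if not path.is_file():
        return {"version": None, "affected": None, "note": f"{path} not found"}
    return audit(path.read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    # Usage: python wp_version_check.py /var/www/html   (path is an example)
    result = audit_install(sys.argv[1]) if len(sys.argv) > 1 else audit(SAMPLE_VERSION_PHP)
    status = {True: "AFFECTED - update required", False: "not affected", None: "unknown"}
    print(f"WordPress {result['version']}: {status[result['affected']]} {result['note']}")
```

Running the script with no argument evaluates the constructed sample and reports it as affected; pointing it at a real document root audits that install. It is deliberately read-only so it can be run on production hosts as the pre-patch inventory step.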