Multiple Vulnerabilities in WordPress Content Management System Could Allow for Arbitrary Code Execution

ITS Advisory Number: 2015-087
Date(s) Issued: Thursday, August 6, 2015
Subject: Multiple Vulnerabilities in WordPress Content Management System Could Allow for Arbitrary Code Execution
Overview: 

Multiple vulnerabilities have been discovered in the WordPress content management system (CMS), which could allow for arbitrary code execution. WordPress is an open source content management system for websites.

These vulnerabilities can be exploited using a web browser. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, steal cookie-based authentication credentials, compromise the affected website, or access or modify data.

Systems Affected: 
  • WordPress versions prior to 4.2.4
RISK
GOVERNMENT
  Large and medium government entities: High
  Small government entities: High
BUSINESS
  Large and medium business entities: High
  Small business entities: High
Home Users: High
Description: 

WordPress has released a security and maintenance release that fixes multiple vulnerabilities in versions prior to 4.2.4. This release addresses the following vulnerabilities:

  • Three cross-site scripting vulnerabilities caused by WordPress's failure to sanitize user-supplied input, which could allow arbitrary script code to be executed within a user's browser.
  • A SQL-injection vulnerability caused by a failure to sanitize user-supplied input, which could allow a remote attacker to execute arbitrary SQL commands, potentially compromising the website or allowing data modification (CVE-2015-2213).
  • A timing side-channel vulnerability that could allow an attacker to learn information by measuring how long certain computations take to complete.
  • A vulnerability that could allow an attacker to lock a post so that it cannot be edited, resulting in a denial-of-service condition.

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, steal cookie-based authentication credentials, compromise the affected website, or access or modify data.

Actions: 
  • Ensure no unauthorized system changes have occurred before applying patches.
  • Update WordPress CMS to the latest version after appropriate testing.
  • Run all software as a non-privileged user to diminish the effects of a successful attack.
  • Review and follow WordPress hardening guidelines found here: http://codex.wordpress.org/Hardening_WordPress
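The following Python script is an added example, not part of this advisory or of WordPress itself, that supports the first two actions above: it reads the version string WordPress keeps in wp-includes/version.php and reports whether an install is prior to the 4.2.4 fixed release named in this advisory. The sample version.php text embedded below is constructed for illustration; the regular expression matches the `$wp_version = '...';` assignment that real WordPress installs use, and the version comparison is numeric so that, for instance, 4.2.10 is correctly treated as newer than 4.2.4.

```python
import re
import sys
from pathlib import Path

# First release that fixes the issues described in this advisory.
FIXED_VERSION = "4.2.4"

# Constructed sample of the relevant lines from wp-includes/version.php.
SAMPLE_VERSION_PHP = """<?php
/**
 * The WordPress version string
 */
$wp_version = '4.2.3';
$wp_db_version = 31536;
"""

# Matches: $wp_version = '4.2.3';  (single or double quotes)
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""")


def parse_version(version_php_text):
    """Return the $wp_version string from version.php text, or None if absent."""
    match = VERSION_RE.search(version_php_text)
    return match.group(1) if match else None


def version_tuple(version):
    """Convert '4.2.3' (or '4.2.3-beta1') to a comparable tuple of ints.

    A pre-release suffix after '-' is dropped and missing components count
    as zero, so '4.2' compares as (4, 2, 0).
    """
    core = version.split("-", 1)[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version):
    """True when the install is prior to the fixed release."""
    return version_tuple(version) < version_tuple(FIXED_VERSION)


def assess(version_php_text):
    """Return (version, affected) for the given version.php text.

    affected is None when no version string could be found, so the caller
    can distinguish 'unknown' from 'patched'.
    """
    version = parse_version(version_php_text)
    if version is None:
        return None, None
    return version, is_affected(version)


def check_install(wp_root):
    """Assess a WordPress install rooted at wp_root (a real directory path)."""
    version_file = Path(wp_root) / "wp-includes" / "version.php"
    return assess(version_file.read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    # Usage: python check_wp_version.py /var/www/site1 /var/www/site2 ...
    # With no arguments, the constructed sample is assessed instead.
    if len(sys.argv) > 1:
        results = [(root, *check_install(root)) for root in sys.argv[1:]]
    else:
        results = [("<sample>", *assess(SAMPLE_VERSION_PHP))]
    for root, version, affected in results:
        status = ("unknown version" if affected is None
                  else "AFFECTED, update required" if affected
                  else "patched")
        print(f"{root}: WordPress {version or '?'} -> {status}")
```

Run it against one or more WordPress document roots; any install reported as affected should be updated after the testing step in the actions above, and a result of "unknown version" means version.php could not be parsed and the install should be inspected by hand.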