Versions of WordPress prior to 3.6.1 are susceptible to the following vulnerabilities:
- A flaw exists in the ‘get_allowed_mime_types’ function in ‘wp-includes/functions.php’. The issue is due to the program failing to properly restrict file uploads for SWF and EXE files. With a specially crafted file, a remote authenticated attacker can more easily conduct a cross-site scripting (XSS) attack. (CVE-2013-5739)
- A flaw exists in the ‘wp-includes/functions.php’ script that is due to the program failing to determine whether data has been serialized. With a saturation of PHP unserialize operations, a remote attacker can potentially execute arbitrary code. (CVE-2013-4338)
- A flaw exists that is triggered when handling a specially crafted string, which can result in URLs not being properly validated before an HTTP redirect. This may allow a remote attacker to bypass redirect restrictions. (CVE-2013-4339)
- A flaw exists in the ‘wp-admin/includes/post.php’ script that is triggered when handling a specially crafted ‘user_ID’ parameter. This may allow a remote attacker to spoof the authorship of arbitrary posts. (CVE-2013-4340)
- A flaw exists in the ‘get_allowed_mime_types’ function in ‘wp-includes/functions.php’ that is due to HTML file uploads not requiring the unfiltered_html capability. With a specially crafted file, a remote attacker can more easily conduct a cross-site scripting (XSS) attack. (CVE-2013-5738)
- A flaw exists that allows a remote cross-site redirection attack. This flaw exists because the application does not validate input passed via ‘_wp_http_referer’ or ‘_wp_original_http_referer’ upon submission to the ‘edit-tags.php’ and ‘media.php’ scripts. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker’s choosing. Such attacks are useful as the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.
- A flaw exists that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the application does not validate the ‘_wp_http_referer’ parameter upon submission to the ‘/wp-admin/edit-tags.php’ script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser within the trust relationship between their browser and the server.
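
For the last two items, a log review can show whether the referer parameters are being abused on a site that has not yet been upgraded. The following is an added example, not part of the original advisory or of WordPress: it scans access log lines for requests to the two scripts whose referer parameter points off-site or carries markup characters. The combined log format, the host name `blog.example`, the sample lines and the finding labels are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Script and parameter names are the ones the advisory lists.
SCRIPTS = ("edit-tags.php", "media.php")
PARAMS = ("_wp_http_referer", "_wp_original_http_referer")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (not real traffic); only the query string is inspected.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2014:10:01:02 +0000] "GET /wp-admin/edit-tags.php?taxonomy=category&_wp_http_referer=%2Fwp-admin%2Fedit-tags.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2014:10:02:41 +0000] "GET /wp-admin/edit-tags.php?_wp_http_referer=http%3A%2F%2Fother.example%2Flogin HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2014:10:03:07 +0000] "GET /wp-admin/media.php?_wp_original_http_referer=%2F%2Fother.example%2F HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/Jan/2014:10:04:55 +0000] "GET /wp-admin/edit-tags.php?_wp_http_referer=%22%3E%3Cx%3E HTTP/1.1" 200 4801',
]


def classify_value(value, site_host):
    """Return 'markup', 'offsite-redirect', 'unparseable' or None for one value."""
    if re.search(r'[<>"]', value):
        return "markup"  # a referer path has no reason to carry HTML metacharacters
    try:
        # Browsers treat backslashes as slashes, so normalise before parsing.
        target = urlsplit(value.strip().replace("\\", "/"))
    except ValueError:
        return "unparseable"
    if target.netloc and (target.hostname or "") != site_host.lower():
        return "offsite-redirect"  # absolute or scheme-relative URL to another host
    return None


def scan(lines, site_host):
    """Return (line_number, parameter, finding) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if target.path.rsplit("/", 1)[-1] not in SCRIPTS:
            continue
        query = parse_qs(target.query, keep_blank_values=True)
        for param in PARAMS:
            for value in query.get(param, []):
                finding = classify_value(value, site_host)
                if finding:
                    findings.append((number, param, finding))
    return findings
```

Values submitted in a POST body do not appear in an access log, so this covers only the crafted-link case the advisory describes.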