Description
WordPress is prone to multiple vulnerabilities, including arbitrary file upload, information disclosure, clickjacking and possibly SQL injection. Exploiting these issues may allow an attacker to upload arbitrary code and run it in the context of the web server process, which may facilitate unauthorized access or privilege escalation; to obtain sensitive information that may help in launching further attacks; or to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress versions prior to 3.1.3 are vulnerable.
Remediation
Update to WordPress version 3.1.3 or the latest version.