Serious Security Vulnerabilities of WordPress 1.5.1.2 and below
By Angsuman Chakraborty, Gaea News Network, Tuesday, July 5, 2005
WordPress is a very popular personal publishing platform, aka blogging platform (with a primitive CMS), in use all over the web. There are a number of serious security vulnerabilities in WordPress that may ultimately allow an attacker to run arbitrary code on the vulnerable system. Unfortunately, the authors believe in security-by-obscurity. Here are the details.
The vulnerabilities include “SQL Injection”, “Cross Site Scripting”, “Remote Code Execution”, “Forgotten Password Security Issues” and also issues that may aid an attacker in social engineering, like “Full Path Disclosure”. An updated version of WordPress (version 1.5.1.3) is available (an automatic patch upgrade from WordPress 1.5.1.2 to 1.5.1.3), and users are strongly advised to upgrade immediately.
To give an example:
Cross Site Scripting:
There are a number of cross site scripting issues in the WordPress personal publishing platform. For example:

https://wordpress/wp-admin/post.php?action=confirmdeletecomment&p=1&comment=22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C/script%3E

https://wordpress/wp-admin/post.php?action=confirmdeletecomment&p=122%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C/script%3E&comment=2

Even though these vulnerabilities are in the admin section, I still consider them a higher risk than “normal”, because if an attacker has an admin’s cookie data then he can forge a cookie, access the admin section, and execute arbitrary code by inserting malicious PHP into an existing plugin. Also, if you are thinking that the referrer check in WordPress prevents this particular vulnerability, then you are mistaken.
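Both URLs above work because the numeric id parameters of the admin confirm-delete page are reflected without being validated. As an added example (not part of the original article or of WordPress), the following scans web-server access logs for requests to that page whose p or comment parameter is not a plain integer; the log lines are constructed for the example, and the two payload requests are the ones quoted in the text.

```python
"""Flag requests to the WordPress admin comment-deletion page whose id
parameters are not plain integers (e.g. carry an encoded <script> tag).
Added example for this article: log lines are constructed, not taken from
any real server; the request paths are the ones quoted in the text."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines: two carry the encoded payload quoted
# in the article (%3C = '<', %3E = '>'), one is a legitimate admin request.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Jul/2005:10:01:02 +0000] "GET /wp-admin/post.php?action=confirmdeletecomment&p=1&comment=22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C/script%3E HTTP/1.1" 200 512
203.0.113.7 - - [05/Jul/2005:10:01:09 +0000] "GET /wp-admin/post.php?action=confirmdeletecomment&p=122%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C/script%3E&comment=2 HTTP/1.1" 200 512
198.51.100.4 - - [05/Jul/2005:10:02:30 +0000] "GET /wp-admin/post.php?action=confirmdeletecomment&p=1&comment=22 HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
INT_PARAMS = ("p", "comment")  # admin parameters that must be numeric ids


def suspicious_params(target):
    """Return the names of id parameters whose percent-decoded value is not
    a plain integer; parse_qs decodes %3C/%3E back to '<' and '>'."""
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    bad = []
    for name in INT_PARAMS:
        for value in qs.get(name, []):
            if not value.isdigit():
                bad.append(name)
    return bad


def scan_log(text):
    """Return (client_ip, request_target, bad_params) for every request to
    /wp-admin/post.php that carries a non-numeric id parameter."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m or "/wp-admin/post.php" not in m.group("target"):
            continue
        bad = suspicious_params(m.group("target"))
        if bad:
            hits.append((line.split(" ", 1)[0], m.group("target"), bad))
    return hits


if __name__ == "__main__":
    for ip, target, bad in scan_log(SAMPLE_LOG):
        print(f"{ip} tampered with {', '.join(bad)}: {target}")
```

Cookies stolen through such a reflected script would be the attacker's route into the admin section the author describes, so a hit here is worth correlating with admin logins from unfamiliar addresses.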
Further details on the vulnerabilities and exploit.
The moral of the story is: upgrade, and do it now.