CVSS: 8.8EPSS: 94%CPEs: 11EXPL: 8CVE-2019-8942 – WordPress Core < 5.0.1 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943. WordPress, en versiones anteriores a la 4.99 y en las 5.x anteriores a la 5.0.1, permite la ejecución remota de código debido a que una entrada "Post Meta" _wp_attached_file puede modificarse a una cadena arbitraria, como uno que termina en una subcadena ".jpg? • https://www.exploit-db.com/exploits/46662 https://www.exploit-db.com/exploits/46511 https://github.com/synacktiv/CVE-2019-8942 https://github.com/tuannq2299/CVE-2019-8942 http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce http://www.securityfocus.com/bid/107088 https://blog.ripstech.com/2019/wordpress-image-remote-code-execution https://lists.debian.org/debian-lts-announce/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-20150 – WordPress Core < 5.0.1 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20150
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. En WordPress, en versiones anteriores a la 4.9.9 y versiones 5.x anteriores a la 5.0.1, las URL manipuladas podrían desencadenar Cross-Site Scripting (XSS) para ciertos casos de uso relacionados con los plugins. • http://www.securityfocus.com/bid/106220 https://codex.wordpress.org/Version_4.9.9 https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460 https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release https://wordpress.org/support/wordpress-version/version-5-0-1 https://wpvulndb.com/vulnerabilities/9173 https://www.debian.org/security/2019/dsa-4401 https://www.zdnet.com/article/wordpress- • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2018-20153 – WordPress Core < 5.0.1 - Authenticated Stored Cross-Site Scripting via Comments
https://notcve.org/view.php?id=CVE-2018-20153
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. En WordPress, en versiones anteriores a la 4.9.9 y versiones 5.x anteriores a la 5.0.1, los contribuyentes podrían modificar nuevos comentarios realizados por los usuarios con mayores privilegios, lo que podría provocar Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/106220 https://codex.wordpress.org/Version_4.9.9 https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release https://wordpress.org/support/wordpress-version/version-5-0-1 https://wpvulndb.com/vulnerabilities/9172 https://www.debian.org/security/2019/dsa-4401 https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2018-20148 – WordPress Core < 5.0.1 - PHP Object Injection
https://notcve.org/view.php?id=CVE-2018-20148
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php. En WordPress, en versiones anteriores a la 4.9.9 y versiones 5.x anteriores a la 5.0.1, los contribuyentes pueden llevar a cabo ataques de inyección de objetos PHP mediante metadatos manipulados en una llamada wp.getMediaItem. Esto viene provocado por la gestión incorrecta de datos serializados en URL phar:// en la función wp_get_attachment_thumb_file en wp-includes/post.php. • http://www.securityfocus.com/bid/106220 https://blog.secarma.co.uk/labs/near-phar-dangerous-unserialization-wherever-you-are https://codex.wordpress.org/Version_4.9.9 https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release https://wordpress.org/support/wordpress-version/version-5-0-1 https://wpvulndb.com/vulnerabilities/9171 https://www.debian.org/security/2019/dsa-4401 https://www.zdnet.com/articl • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-20152 – WordPress Core < 5.0.1 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2018-20152
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. En WordPress, en versiones anteriores a la 4.9.9 y versiones 5.x anteriores a la 5.0.1, los autores podrían omitir las restricciones planeadas sobre los tipos de publicación mediante entradas manipuladas. • http://www.securityfocus.com/bid/106220 https://codex.wordpress.org/Version_4.9.9 https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release https://wordpress.org/support/wordpress-version/version-5-0-1 https://wpvulndb.com/vulnerabilities/9170 https://www.debian.org/security/2019/dsa-4401 https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords • CWE-20: Improper Input Validation CWE-285: Improper Authorization •