CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-16780 – Stored cross-site scripting (XSS) in WordPress block editor
https://notcve.org/view.php?id=CVE-2019-16780
WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled. • https://github.com/WordPress/wordpress-develop/commit/505dd6a20b6fc3d06130018c1caeff764248c29e https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x3wp-h3qx-9w94 https://hackerone.com/reports/738644 https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9976 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-16781 – Stored cross-site scripting (XSS) in WordPress block editor
https://notcve.org/view.php?id=CVE-2019-16781
In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS. En WordPress versiones anteriores a 5.3.1, los usuarios autenticados con privilegios más bajos (como los contribuyentes) pueden inyectar código JavaScript en el editor de bloques, que es ejecutado dentro del panel. Puede conllevar a un administrador a abrir la publicación afectada en el editor conllevando a un ataque de tipo XSS. • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v https://hackerone.com/reports/731301 https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9976 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2019-20043 – WordPress Core < 5.3.1 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2019-20043
In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. En wp-includes / rest-api / endpoints / class-wp-rest-posts-controller.php en WordPress 3.7 a 5.3.0, los usuarios autenticados que no tienen los derechos para publicar una publicación pueden marcar publicaciones como fijas o antiadherente a través de la API REST. Por ejemplo, el rol de contribuyente no tiene tales derechos, pero esto les permitió evitarlo. • https://core.trac.wordpress.org/changeset/46893/trunk https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9973 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-269: Improper Privilege Management CWE-285: Improper Authorization •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17670 – WordPress Core < 5.2.4 - Server Side Request Forgery #2
https://notcve.org/view.php?id=CVE-2019-17670
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. WordPress versiones anteriores a 5.2.4, presenta una vulnerabilidad de tipo Server Side Request Forgery (SSRF) porque las rutas (paths) de Windows son manejadas inapropiadamente durante cierta comprobación de las URL relativas. • https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html https://core.trac.wordpress.org/changeset/46472 https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2 https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/10/msg00010.html https://wordpress.org/news/2019/10/wordpress-5-2-4-security-r • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-17669 – WordPress Core < 5.2.4 - Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2019-17669
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. WordPress versiones anteriores a 5.2.4, presenta una vulnerabilidad de tipo Server Side Request Forgery (SSRF) porque la comprobación de URL no considera la interpretación de un nombre como una serie de caracteres hexadecimales. • https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html https://core.trac.wordpress.org/changeset/46475 https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release https://wpvulndb.com/vulnerabilities/9912 https://www.debian.org/security/2020/dsa-4 • CWE-918: Server-Side Request Forgery (SSRF) •