CVE-2019-9787
WordPress Core < 5.1.1 - Cross-Site Request Forgery to Cross-Site Scripting via Comments
- Severity Score: (not shown)
- Exploit Likelihood: (not shown)
- Affected Versions: WordPress Core < 5.1.1
- Public Exploits: 2
- Exploited in Wild: -
- SSVC Decision: -
Descriptions
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.
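The description above names two things: CSRF protection that is "mishandled" (the comment form accepts a submission from a logged-in administrator's browser without a valid nonce, falling back to the kses sanitizer instead of rejecting it), and "Search Engine Optimization of A elements" performed incorrectly (the rel="nofollow" rewriter). The example below is an added illustration and is not code from WordPress or from the referenced advisories. It models only the second half of the chain, in the form the RIPS write-up listed under References describes: a rewriter that parses an `<a>` tag's attributes and re-emits them double-quoted without escaping the values, so a single-quoted `title` attribute containing a double quote, which an attribute-aware sanitizer accepts as one harmless attribute, becomes a live event handler after rewriting. The function names `parse_attrs()` and `rebuild_anchor_*()` are assumptions standing in for WordPress's `shortcode_parse_atts()` and `wp_rel_nofollow_callback()`; `htmlspecialchars()` with `ENT_QUOTES` plays the role of `esc_attr()` in the hardened variant. The comment body is constructed for the example.

```php
<?php
// Added illustration, not WordPress code: a rel="nofollow" rewriter that
// re-quotes parsed attribute values without escaping them (vulnerable)
// next to one that escapes them for the attribute context (fixed).
// parse_attrs() and rebuild_anchor_*() are simplified stand-ins (assumed names).

function parse_attrs(string $inner): array {
    // Accepts name="v", name='v' and bare name=v, the way an attribute-aware
    // HTML sanitizer tokenizes a tag: one quoted value is one attribute.
    $attrs = [];
    $re = '/([A-Za-z][\w-]*)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s"\'>]+))/';
    preg_match_all($re, $inner, $matches, PREG_SET_ORDER);
    foreach ($matches as $m) {
        $value = ($m[2] ?? '') !== '' ? $m[2]
               : (($m[3] ?? '') !== '' ? $m[3] : ($m[4] ?? ''));
        $attrs[strtolower($m[1])] = $value;
    }
    return $attrs;
}

// Vulnerable pattern: the values are trusted because an earlier sanitizer
// already accepted the tag, but they are re-emitted inside " unconditionally,
// so a value that was safe inside ' quotes now terminates its attribute early.
function rebuild_anchor_vulnerable(string $inner): string {
    $attrs = parse_attrs($inner);
    $attrs['rel'] = 'nofollow';
    $out = '';
    foreach ($attrs as $name => $value) {
        $out .= $name . '="' . $value . '" ';
    }
    return '<a ' . trim($out) . '>';
}

// Hardened pattern: escape every value for an attribute context before
// re-emitting it; htmlspecialchars(ENT_QUOTES) stands in for esc_attr().
function rebuild_anchor_fixed(string $inner): string {
    $attrs = parse_attrs($inner);
    $attrs['rel'] = 'nofollow';
    $out = '';
    foreach ($attrs as $name => $value) {
        $out .= $name . '="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" ';
    }
    return '<a ' . trim($out) . '>';
}

// Apply a rebuild callback to every <a ...> opening tag in a comment body.
function rewrite_links(string $html, callable $rebuild): string {
    return preg_replace_callback('/<a\s+([^>]+)>/i',
        fn ($m) => $rebuild($m[1]), $html);
}

// Check: after rewriting, does the first <a> tag carry an on* attribute as a
// separate attribute (i.e. one a browser would execute)?
function has_live_handler(string $html): bool {
    if (!preg_match('/<a\s+([^>]+)>/i', $html, $m)) {
        return false;
    }
    foreach (array_keys(parse_attrs($m[1])) as $name) {
        if (strncmp($name, 'on', 2) === 0) {
            return true;
        }
    }
    return false;
}

// Constructed comment body: one legitimately single-quoted title attribute
// whose value contains a double quote. Before rewriting it is a single
// attribute and has_live_handler() reports false for it.
$comment = "<a href=\"https://example.org/\" rel=\"ugc\" "
         . "title='x \" onmouseover=\"alert(1)'>link</a>";

$vuln  = rewrite_links($comment, 'rebuild_anchor_vulnerable');
$fixed = rewrite_links($comment, 'rebuild_anchor_fixed');

echo "input:      $comment\n";
echo "vulnerable: $vuln\n";   // title closes early; onmouseover is now its own attribute
echo "fixed:      $fixed\n";  // the embedded quote is emitted as &quot;
echo "live handler before rewrite:     " . var_export(has_live_handler($comment), true) . "\n";
echo "live handler after vulnerable:   " . var_export(has_live_handler($vuln), true) . "\n";
echo "live handler after fixed:        " . var_export(has_live_handler($fixed), true) . "\n";
```

Run it with `php example.php`. The takeaway for review: a sanitizer's verdict only covers the markup it saw, so any later step that serializes parsed attributes back to HTML must escape for the attribute context itself rather than rely on the earlier pass. The CSRF half of the chain is what puts an attacker-controlled comment on this code path in an administrator's session; the fixed WordPress release addresses both, and the commit listed under References is the reference point for the actual change.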
CVSS Scores
SSVC
- Decision: -
Timeline
- 2019-03-14 CVE Reserved
- 2019-03-14 CVE Published
- 2021-06-29 First Exploit
- 2024-08-04 CVE Updated
- 2024-10-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (9)
URL | Tag | Date |
---|---|---|
http://www.securityfocus.com/bid/107411 | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html | Mailing List | |
https://wpvulndb.com/vulnerabilities/9230 | x_refsource_MISC | |
https://github.com/dexXxed/CVE-2019-9787 | Public exploit | 2021-06-29 |
https://blog.ripstech.com/2019/wordpress-csrf-to-rce | Public exploit (write-up) | 2024-08-04 |
https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b | Vendor commit | 2019-03-31 |
https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release | Vendor advisory | 2019-03-31 |
https://wordpress.org/support/wordpress-version/version-5-1-1 | Vendor advisory | 2019-03-31 |
https://www.debian.org/security/2020/dsa-4677 | Third Party Advisory | 2019-03-31 |