CVE-2019-12826 - OpenCVE

A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wpchef	Widget Logic

Configuration 1 [-]

cpe:2.3:a:wpchef:widget_logic:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://dannewitz.ninja/posts/widget-logic-csrf-to-rce
https://plugins.trac.wordpress.org/changeset/2112753/widget-logic
https://wpvulndb.com/vulnerabilities/9403
https://wpvulndb.com/vulnerabilities/9413

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-01T17:56:51

Updated: 2024-08-04T23:32:54.825Z

Reserved: 2019-06-14T00:00:00

Link: CVE-2019-12826

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-01T18:15:11.740

Modified: 2019-07-31T08:15:11.583

Link: CVE-2019-12826

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-06-26T00:00:00", "descriptions": [{"lang": "en", "value": "A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-15T10:06:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://dannewitz.ninja/posts/widget-logic-csrf-to-rce"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://plugins.trac.wordpress.org/changeset/2112753/widget-logic"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/9413"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/9403"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12826", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://dannewitz.ninja/posts/widget-logic-csrf-to-rce", "refsource": "MISC", "url": "https://dannewitz.ninja/posts/widget-logic-csrf-to-rce"}, {"name": "https://plugins.trac.wordpress.org/changeset/2112753/widget-logic", "refsource": "CONFIRM", "url": "https://plugins.trac.wordpress.org/changeset/2112753/widget-logic"}, {"name": "https://wpvulndb.com/vulnerabilities/9413", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/9413"}, {"name": "https://wpvulndb.com/vulnerabilities/9403", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/9403"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:32:54.825Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://dannewitz.ninja/posts/widget-logic-csrf-to-rce"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://plugins.trac.wordpress.org/changeset/2112753/widget-logic"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/9413"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/9403"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12826", "datePublished": "2019-07-01T17:56:51", "dateReserved": "2019-06-14T00:00:00", "dateUpdated": "2024-08-04T23:32:54.825Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpchef:widget_logic:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "416E0D99-BB05-40C0-BA2B-EC0622023518", "versionEndExcluding": "5.10.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en widget_logic.php en el plugin 2by2host Widget Logic en versiones anteriores a la 5.10.2 para WordPress permite a atacantes remotos ejecutar c\u00f3digo PHP mediante snippets (que se adjuntan a los widgets y luego se eval\u00faan din\u00e1micamente para determinar su visibilidad) creando una solicitud POST maliciosa que enga\u00f1e a los administradores para que agreguen el c\u00f3digo."}], "id": "CVE-2019-12826", "lastModified": "2019-07-31T08:15:11.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-01T18:15:11.740", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://dannewitz.ninja/posts/widget-logic-csrf-to-rce"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2112753/widget-logic"}, {"source": "cve@mitre.org", "url": "https://wpvulndb.com/vulnerabilities/9403"}, {"source": "cve@mitre.org", "url": "https://wpvulndb.com/vulnerabilities/9413"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}