{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2019-25215", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-10-15T18:00:31.032Z", "datePublished": "2024-10-16T06:43:34.069Z", "dateUpdated": "2024-10-16T18:05:18.848Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-10-16T06:43:34.069Z"}, "affected": [{"vendor": "arisoft", "product": "ARI Adminer \u2013 WordPress Database Manager", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.1.14", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site's database and making changes."}], "title": "ARI-Adminer <= 1.1.14 - Missing Authorization and No Direct File Access Restrictions", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67ad04d4-49ef-4bc4-b3b0-f2752566145e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2065317%40ari-adminer&new=2065317%40ari-adminer&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH"}}], "timeline": [{"time": "2019-04-08T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "ari-soft", "product": "ari_adminer", "cpes": ["cpe:2.3:a:ari-soft:ari_adminer:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.14", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-16T15:34:21.504188Z", "id": "CVE-2019-25215", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-16T18:05:18.848Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25215", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-16T15:34:21.504188Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ari-soft:ari_adminer:*:*:*:*:*:*:*:*"], "vendor": "ari-soft", "product": "ari_adminer", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.14"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-16T17:51:09.225Z"}}], "cna": {"title": "ARI-Adminer <= 1.1.14 - Missing Authorization and No Direct File Access Restrictions", "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}], "affected": [{"vendor": "arisoft", "product": "ARI Adminer \u2013 WordPress Database Manager", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.1.14"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2019-04-08T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67ad04d4-49ef-4bc4-b3b0-f2752566145e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2065317%40ari-adminer&new=2065317%40ari-adminer&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site's database and making changes."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-10-16T06:43:34.069Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25215", "state": "PUBLISHED", "dateUpdated": "2024-10-16T18:05:18.848Z", "dateReserved": "2024-10-15T18:00:31.032Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-10-16T06:43:34.069Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site's database and making changes."}, {"lang": "es", "value": "El complemento ARI-Adminer para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n debido a la falta de controles de acceso a archivos en casi todos los archivos del complemento en las versiones hasta la 1.1.14 incluida. Esto permite que atacantes no autenticados accedan a los archivos directamente y realicen una amplia variedad de acciones no autorizadas, como acceder a la base de datos de un sitio y realizar cambios."}], "id": "CVE-2019-25215", "lastModified": "2024-10-16T16:38:14.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2024-10-16T07:15:06.467", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2065317%40ari-adminer&new=2065317%40ari-adminer&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67ad04d4-49ef-4bc4-b3b0-f2752566145e?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}