CVE-2019-9787 - OpenCVE

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

Configuration 1 [-]

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/107411
https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html
https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
https://wordpress.org/support/wordpress-version/version-5-1-1/
https://wpvulndb.com/vulnerabilities/9230
https://www.debian.org/security/2020/dsa-4677

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-14T16:00:00

Updated: 2024-08-04T22:01:54.717Z

Reserved: 2019-03-14T00:00:00

Link: CVE-2019-9787

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-03-14T16:29:00.337

Modified: 2019-03-31T22:29:00.497

Link: CVE-2019-9787

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-06T12:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.ripstech.com/2019/wordpress-csrf-to-rce/"}, {"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/9230"}, {"name": "107411", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107411"}, {"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/support/wordpress-version/version-5-1-1/"}, {"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1742-1] wordpress security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"}, {"name": "DSA-4677", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4677"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9787", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://blog.ripstech.com/2019/wordpress-csrf-to-rce/", "refsource": "MISC", "url": "https://blog.ripstech.com/2019/wordpress-csrf-to-rce/"}, {"name": "https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/", "refsource": "MISC", "url": "https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/"}, {"name": "https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b", "refsource": "MISC", "url": "https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b"}, {"name": "https://wpvulndb.com/vulnerabilities/9230", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/9230"}, {"name": "107411", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107411"}, {"name": "https://wordpress.org/support/wordpress-version/version-5-1-1/", "refsource": "MISC", "url": "https://wordpress.org/support/wordpress-version/version-5-1-1/"}, {"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1742-1] wordpress security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"}, {"name": "DSA-4677", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4677"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:01:54.717Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.ripstech.com/2019/wordpress-csrf-to-rce/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/9230"}, {"name": "107411", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107411"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wordpress.org/support/wordpress-version/version-5-1-1/"}, {"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1742-1] wordpress security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"}, {"name": "DSA-4677", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4677"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9787", "datePublished": "2019-03-14T16:00:00", "dateReserved": "2019-03-14T00:00:00", "dateUpdated": "2024-08-04T22:01:54.717Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "58A14BF4-1BA8-4758-9703-829F85F4D04C", "versionEndExcluding": "5.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php."}, {"lang": "es", "value": "WordPress, en versiones anteriores a la 5.1.1, no filtra correctamente el contenido, lo que conduce a la ejecuci\u00f3n remota de c\u00f3digo por parte de usuarios no autenticados en una configuraci\u00f3n por defecto. Esto ocurre debido a que la protecci\u00f3n CSRF se gestiona de manera incorrecta y porque la optimizaci\u00f3n del motor de b\u00fasqueda de los elementos A se realiza incorrectamente, lo que desemboca en Cross-Site Scripting (XSS). El XSS resulta en un acceso administrativo, lo que permite cambios arbitrarios en archivos .php. Esto est\u00e1 relacionado con wp-admin/includes/ajax-actions.php y wp-includes/comment.php."}], "id": "CVE-2019-9787", "lastModified": "2019-03-31T22:29:00.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-14T16:29:00.337", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107411"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.ripstech.com/2019/wordpress-csrf-to-rce/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wordpress.org/support/wordpress-version/version-5-1-1/"}, {"source": "cve@mitre.org", "url": "https://wpvulndb.com/vulnerabilities/9230"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2020/dsa-4677"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}