Vulnerability identifier: #VU17788

Vulnerability risk: High

CVSSv3.1: 9.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2019-8943

CWE-ID: CWE-22

Exploitation vector: Network

Exploits in database: 3

• February 3, 2021
  • WordPress 5.0.0 - Image Remote Code Execution [Exploit-DB]
• February 1, 2021
  • CVE-2019-8943 (Exploit of CVE-2019-8942 and CVE-2019-8943 ) [Github]
• March 18, 2020
  • WordPress Crop-image Shell Upload [Metasploit]

Impact: Code execution

Vulnerable software:
WordPress
Web applications / CMS

Vendor: WordPress.ORG