Improper access control in Related Posts - CVE-2019-11869
Published: April 12, 2019 / Updated: May 14, 2019
Vulnerability identifier: #VU18244
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2019-11869
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Lenin Zapata
Affected software:
Related Posts
Related Posts
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to the website.
The vulnerability exists due to improper access restrictions when processing HTTP requests. A remote attacker can pass specially crafted configuration to the affected application and inject arbitrary JavaScript code WordPress configuration.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable application.
Note: the vulnerability is being actively exploited i the wild.
How to mitigate CVE-2019-11869
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.