Main Vulnerability Database Vulnerabilities #VU18244

#VU18244 Improper access control in Related Posts - CVE-2019-11869

Published: April 12, 2019 / Updated: May 14, 2019

Vulnerability identifier: #VU18244

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2019-11869

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Related Posts

Software vendor:
Lenin Zapata

Description

The vulnerability allows a remote attacker to gain unauthorized access to the website.

The vulnerability exists due to improper access restrictions when processing HTTP requests. A remote attacker can pass specially crafted configuration to the affected application and inject arbitrary JavaScript code WordPress configuration.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable application.

Note: the vulnerability is being actively exploited i the wild.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://blog.sucuri.net/2019/04/attacks-on-closed-wordpress-plugins.html

#VU18244 Improper access control in Related Posts - CVE-2019-11869

Description

Remediation

External links

Please verify you're human