Lucene search

CVE-2018-15877

🗓️ 26 Aug 2018 00:00:00Reported by AttackerKBType

The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request. The plugin has approximately 1000 active installations and 24,816 downloads. The vulnerable versions affect around 25% of active installations. Attacker needs to be authenticated with a privileged account to exploit the vulnerability, but it is easy to exploit

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 17
exploitpack	WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection	27 Aug 201800:00	–	exploitpack
Packet Storm	WordPress Plainview Activity Monitor 20161228 Remote Code Execution	7 Jul 202100:00	–	packetstorm
Packet Storm	WordPress Plainview Activity Monitor 20161228 Remote Command Execution	29 Nov 201900:00	–	packetstorm
Packet Storm	WordPress Plainview Activity Monitor 20161228 Command Injection	27 Aug 201800:00	–	packetstorm
Exploit DB	WordPress Plugin Plainview Activity Monitor 20161228 - Remote Code Execution (RCE) (Authenticated) (2)	7 Jul 202100:00	–	exploitdb
Exploit DB	WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection	27 Aug 201800:00	–	exploitdb
0day.today	WordPress Plainview Activity Monitor 20161228 Plugin - Command Injection Exploit	28 Aug 201800:00	–	zdt
0day.today	WordPress Plainview Activity Monitor 20161228 Remote Command Execution Exploit	30 Nov 201900:00	–	zdt
0day.today	WordPress Plainview Activity Monitor 20161228 Plugin - Remote Code Execution (Authenticated) Exploit	7 Jul 202100:00	–	zdt
Patchstack	WordPress Plainview Activity Monitor plugin <= 20161228 - Remote Command Execution (RCE) vulnerability	28 Aug 201800:00	–	patchstack

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
exploit-db	www.exploit-db.com/exploits/45274
exploit-db	www.exploit-db.com/exploits/45274/
github	www.github.com/aas-n/CVE/tree/master/CVE-2018-15877
packetstormsecurity	www.packetstormsecurity.com/files/155502/WordPress-Plainview-Activity-Monitor-20161228-Remote-Command-Execution.html
packetstormsecurity	www.packetstormsecurity.com/files/163425/WordPress-Plainview-Activity-Monitor-20161228-Remote-Code-Execution.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Aug 2018 00:00Current

3.4Low risk

Vulners AI Score3.4

EPSS0.84109