Lucene search
+L

CVE-2019-9787

🗓️ 14 Mar 2019 16:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 270 Views🌐 WEB

WordPress before 5.1.1 allows Remote Code Execution by unauthenticated users due to mishandled CSRF protection and incorrect Search Engine Optimization, leading to XSS and administrative access

Related
Detection
Refs
Paths
NVD
Node
ParameterPositionPathDescriptionCWE
commentrequest bodywp-comments-post.phpCSRF vulnerability in WordPress before 5.1.1 enabling comment-based actions that can lead to XSS/RCE under default configCWE-352
comment_post_IDrequest bodywp-comments-post.phpCSRF vulnerability in WordPress before 5.1.1 enabling comment-based actions that can lead to XSS/RCE under default configCWE-352
authorrequest bodywp-comments-post.phpCSRF vulnerability in WordPress before 5.1.1 enabling comment-based actions that can lead to XSS/RCE under default configCWE-352
emailrequest bodywp-comments-post.phpCSRF vulnerability in WordPress before 5.1.1 enabling comment-based actions that can lead to XSS/RCE under default configCWE-352
urlrequest bodywp-comments-post.phpCSRF vulnerability in WordPress before 5.1.1 enabling comment-based actions that can lead to XSS/RCE under default configCWE-352
actionpathwp-admin/includes/ajax-actions.phpAJAX endpoint mentioned in relation to the vulnerability; potential CSRF/XSS vector via admin AJAX actionsCWE-352
_wpnoncepathwp-admin/includes/ajax-actions.phpAJAX endpoint mentioned in relation to the vulnerability; potential CSRF/XSS vector via admin AJAX actionsCWE-352
comment_contentpathwp-includes/comment.phpComment processing path implicated in the CSRF/XSS flow described in the documentCWE-352
comment_approvedpathwp-includes/comment.phpComment processing path implicated in the CSRF/XSS flow described in the documentCWE-352
comment_post_IDpathwp-includes/comment.phpComment processing path implicated in the CSRF/XSS flow described in the documentCWE-352
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 02:44Current
8.5High risk
Vulners AI Score8.5
CVSS 26.8
CVSS 38.8
EPSS0.4375
270