Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2019-9787
HistoryMar 14, 2019 - 4:00 p.m.

CVE-2019-9787

2019-03-1416:00:00
mitre
raw.githubusercontent.com
2

8.8 High

AI Score

Confidence

High

0.837 High

EPSS

Percentile

98.4%

JSON

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.

Related

githubexploit 4
veracode 1
openvas 3
debiancve 1
nessus 3
cve 1
checkpoint_advisories 1
prion 1
osv 2
wpvulndb 1
ubuntucve 1
debian 3
hackerone 1
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Wordpress
2021-06-29 08:57:43
Exploit for Cross-Site Request Forgery (CSRF) in Wordpress
2020-05-01 13:44:10
Exploit for Cross-Site Request Forgery (CSRF) in Wordpress
2020-05-19 22:09:43
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-03-15 03:03:29
openvas
openvas
WordPress Multiple Vulnerabilities (Mar 2019) - Linux
2019-03-15 00:00:00
WordPress Multiple Vulnerabilities (Mar 2019) - Windows
2019-03-15 00:00:00
Debian: Security Advisory (DLA-1742-1)
2019-04-02 00:00:00
debiancve
debiancve
CVE-2019-9787
2019-03-14 16:29:00
nessus
nessus
WordPress < 5.1.1 Multiple Vulnerabilities
2019-03-14 00:00:00
Debian DLA-1742-1 : wordpress security update
2019-04-01 00:00:00
Debian DSA-4677-1 : wordpress - security update
2020-05-07 00:00:00
cve
cve
CVE-2019-9787
2019-03-14 16:29:00
checkpoint_advisories
checkpoint_advisories
WordPress Core Remote Code Execution (CVE-2019-9787)
2019-11-20 00:00:00
prion
prion
Design/Logic Flaw
2019-03-14 16:29:00
osv
osv
CVE-2019-9787
2019-03-14 16:29:00
wordpress - security update
2019-04-01 00:00:00
wpvulndb
wpvulndb
WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
2019-03-13 00:00:00
ubuntucve
ubuntucve
CVE-2019-9787
2019-03-14 00:00:00
debian
debian
[SECURITY] [DLA 1742-1] wordpress security update
2019-03-31 19:30:33
[SECURITY] [DSA 4677-1] wordpress security update
2020-05-06 06:30:09
[SECURITY] [DSA 4677-1] wordpress security update
2020-05-06 06:30:09
hackerone
hackerone
Nord Security: Version problem in wordpress leads to the many vulnearability
2019-12-05 10:21:54

8.8 High

AI Score

Confidence

High

0.837 High

EPSS

Percentile

98.4%

JSON
Related for CVELIST:CVE-2019-9787
githubexploit4veracode1openvas3debiancve1nessus3cve1checkpoint_advisories1prion1osv2wpvulndb1ubuntucve1debian3hackerone1