Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2019-9787
HistoryMar 14, 2019 - 4:29 p.m.

CVE-2019-9787

2019-03-1416:29:00
Google
osv.dev
6

6.8 Medium

AI Score

Confidence

High

0.837 High

EPSS

Percentile

98.5%

JSON

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.

Related

veracode 1
openvas 3
debiancve 1
githubexploit 4
cve 1
nessus 3
checkpoint_advisories 1
prion 1
ubuntucve 1
wpvulndb 1
cvelist 1
nvd 1
debian 3
osv 1
hackerone 1
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-03-15 03:03:29
openvas
openvas
WordPress Multiple Vulnerabilities (Mar 2019) - Linux
2019-03-15 00:00:00
WordPress Multiple Vulnerabilities (Mar 2019) - Windows
2019-03-15 00:00:00
Debian: Security Advisory (DLA-1742-1)
2019-04-02 00:00:00
debiancve
debiancve
CVE-2019-9787
2019-03-14 16:29:00
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Wordpress
2020-05-01 13:44:10
Exploit for Cross-Site Request Forgery (CSRF) in Wordpress
2020-05-19 22:09:43
Exploit for Cross-Site Request Forgery (CSRF) in Wordpress
2021-06-29 08:57:43
cve
cve
CVE-2019-9787
2019-03-14 16:29:00
nessus
nessus
WordPress < 5.1.1 Multiple Vulnerabilities
2019-03-14 00:00:00
Debian DLA-1742-1 : wordpress security update
2019-04-01 00:00:00
Debian DSA-4677-1 : wordpress - security update
2020-05-07 00:00:00
checkpoint_advisories
checkpoint_advisories
WordPress Core Remote Code Execution (CVE-2019-9787)
2019-11-20 00:00:00
prion
prion
Design/Logic Flaw
2019-03-14 16:29:00
ubuntucve
ubuntucve
CVE-2019-9787
2019-03-14 00:00:00
wpvulndb
wpvulndb
WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
2019-03-13 00:00:00
cvelist
cvelist
CVE-2019-9787
2019-03-14 16:00:00
nvd
nvd
CVE-2019-9787
2019-03-14 16:29:00
debian
debian
[SECURITY] [DLA 1742-1] wordpress security update
2019-03-31 19:30:33
[SECURITY] [DSA 4677-1] wordpress security update
2020-05-06 06:30:09
[SECURITY] [DSA 4677-1] wordpress security update
2020-05-06 06:30:09
osv
osv
wordpress - security update
2019-04-01 00:00:00
hackerone
hackerone
Nord Security: Version problem in wordpress leads to the many vulnearability
2019-12-05 10:21:54

6.8 Medium

AI Score

Confidence

High

0.837 High

EPSS

Percentile

98.5%

JSON
Related for OSV:CVE-2019-9787
veracode1openvas3debiancve1githubexploit4cve1nessus3checkpoint_advisories1prion1ubuntucve1wpvulndb1cvelist1nvd1debian3osv1hackerone1