
Bug 717646 (CVE-2019-9787)

Summary: <www-apps/wordpress-5.1.1: Remote Code Execution Vulnerability (CVE-2019-9787)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~1 [noglsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-16 02:32:50 UTC
CVE-2019-9787 (https://nvd.nist.gov/vuln/detail/CVE-2019-9787):
  WordPress before 5.1.1 does not properly filter comment content, leading to
  Remote Code Execution by unauthenticated users in a default configuration.
  This occurs because CSRF protection is mishandled, and because Search Engine
  Optimization of A elements is performed incorrectly, leading to XSS. The XSS
  results in administrative access, which allows arbitrary changes to .php
  files. This is related to wp-admin/includes/ajax-actions.php and
  wp-includes/comment.php.

Opening this and closing
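The XSS link in the chain above comes from the "Search Engine Optimization of A elements" being performed incorrectly on comment content that has already been filtered. The page does not spell out what that step is; the toy below assumes a rel-attribute rewrite of the kind WordPress 5.1 added for links with target="_blank". It is an added illustration, not WordPress's code and not a claim about the exact code path in wp-includes/comment.php: it models how an `<a>` rewrite that runs after a whitelist sanitizer can undo the sanitizer's guarantees by re-serializing attribute values in double quotes without escaping, so a double quote inside a single-quoted, sanitizer-accepted value ends the attribute early and everything after it becomes a new attribute. The sample comment, the harmless `data-injected` marker attribute (used instead of an event handler), and the regex-based rewriter are all constructed for this example.

```python
"""Toy model of a post-sanitizer <a> rewrite that reintroduces attribute injection.

Added illustration for CVE-2019-9787; not WordPress code.
"""
import html
import re
from html.parser import HTMLParser

# Constructed sample: a comment a whitelist sanitizer allowing <a href title target>
# would accept. The title is single-quoted and legally contains a double quote.
SANITIZED_COMMENT = (
    'see <a href="https://example.com/" title=\'quote " data-injected="1\' '
    'target="_blank">here</a>'
)

# name="value", name='value' or name=value (toy grammar, enough for the sample)
ATTR_RE = re.compile(r"""([a-zA-Z][\w:-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")
A_TAG_RE = re.compile(r"<a\s+([^>]*?)>", re.IGNORECASE)


def parse_attrs(attr_text):
    """Return an ordered dict of attribute name -> raw (still entity-encoded) value."""
    attrs = {}
    for m in ATTR_RE.finditer(attr_text):
        name = m.group(1).lower()
        attrs[name] = next(g for g in m.groups()[1:] if g is not None)
    return attrs


def _with_rel(attr_text):
    """The 'SEO' step: ensure rel carries noopener/noreferrer when target is set."""
    attrs = parse_attrs(attr_text)
    if "target" in attrs:
        tokens = attrs.get("rel", "").split()
        tokens += [t for t in ("noopener", "noreferrer") if t not in tokens]
        attrs["rel"] = " ".join(tokens)
    return attrs


def add_rel_naive(fragment):
    """Vulnerable rewrite: values are dropped into double quotes unescaped."""
    def fix(m):
        attrs = _with_rel(m.group(1))
        # BUG: a '"' inside a value that was single-quoted in the source now
        # terminates the attribute, and the rest is parsed as new attributes.
        return "<a " + " ".join(f'{n}="{v}"' for n, v in attrs.items()) + ">"
    return A_TAG_RE.sub(fix, fragment)


def add_rel_safe(fragment):
    """Hardened rewrite: decode to the real value, then re-encode for a double-quoted context."""
    def fix(m):
        attrs = _with_rel(m.group(1))
        return "<a " + " ".join(
            f'{n}="{html.escape(html.unescape(v), quote=True)}"' for n, v in attrs.items()
        ) + ">"
    return A_TAG_RE.sub(fix, fragment)


class _AnchorAttrs(HTMLParser):
    """Real HTML tokenizer, used to see what a browser would make of the output."""
    def __init__(self):
        super().__init__()
        self.anchors = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.anchors.append(dict(attrs))


def anchor_attributes(fragment):
    """Attribute dicts of every <a> in the fragment, as an HTML parser sees them."""
    p = _AnchorAttrs()
    p.feed(fragment)
    p.close()
    return p.anchors


if __name__ == "__main__":
    print("input :", anchor_attributes(SANITIZED_COMMENT)[0])
    print("naive :", anchor_attributes(add_rel_naive(SANITIZED_COMMENT))[0])
    print("safe  :", anchor_attributes(add_rel_safe(SANITIZED_COMMENT))[0])
```

The input, parsed by a real tokenizer, has exactly the attributes the sanitizer allowed; after the naive rewrite a `data-injected` attribute appears that was never in the sanitized markup, which is the same break-out an attacker would use for an event-handler attribute. Escaping at serialization time closes this particular hole, but the more robust fix for this class of bug is ordering: run any markup rewriting before the sanitizer, so the sanitizer has the last word on what reaches the page. The CSRF prong of the advisory (the admin's comment submission being accepted without an effective token check) is a separate control and is not modelled here.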
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2020-04-16 02:34:47 UTC
No longer in tree. Closing.