Bug 717646 (CVE-2019-9787) - <www-apps/wordpress-5.1.1: Remote Code Execution Vulnerability (CVE-2019-9787)
Summary: <www-apps/wordpress-5.1.1: Remote Code Execution Vulnerability (CVE-2019-9787)
Status: RESOLVED FIXED
Alias: CVE-2019-9787
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
Whiteboard: ~1 [noglsa cve]
 
Reported: 2020-04-16 02:32 UTC by GLSAMaker/CVETool Bot
Modified: 2020-04-16 02:34 UTC
Runtime testing required: ---
Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-16 02:32:50 UTC
CVE-2019-9787 (https://nvd.nist.gov/vuln/detail/CVE-2019-9787):
  WordPress before 5.1.1 does not properly filter comment content, leading to
  Remote Code Execution by unauthenticated users in a default configuration.
  This occurs because CSRF protection is mishandled, and because Search Engine
  Optimization of A elements is performed incorrectly, leading to XSS. The XSS
  results in administrative access, which allows arbitrary changes to .php
  files. This is related to wp-admin/includes/ajax-actions.php and
  wp-includes/comment.php.


Opening this and closing
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2020-04-16 02:34:47 UTC
No longer in tree. Closing.