Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 717646 (CVE-2019-9787) - <www-apps/wordpress-5.1.1: Remote Code Execution Vulnerability (CVE-2019-9787)
Summary: <www-apps/wordpress-5.1.1: Remote Code Execution Vulnerability (CVE-2019-9787)
Alias: CVE-2019-9787
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~1 [noglsa cve]
Depends on:
Reported: 2020-04-16 02:32 UTC by GLSAMaker/CVETool Bot
Modified: 2020-04-16 02:34 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-16 02:32:50 UTC
CVE-2019-9787 (
  WordPress before 5.1.1 does not properly filter comment content, leading to
  Remote Code Execution by unauthenticated users in a default configuration.
  This occurs because CSRF protection is mishandled, and because Search Engine
  Optimization of A elements is performed incorrectly, leading to XSS. The XSS
  results in administrative access, which allows arbitrary changes to .php
  files. This is related to wp-admin/includes/ajax-actions.php and

Opening this and closing
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2020-04-16 02:34:47 UTC
No longer in tree.. closing.