cve/CVE-2019-11869.md at 7482ec4521a75dd13882dc1283f17009c936e974

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page). An unauthenticated attacker can inject a payload into the plugin settings, such as the yuzo_related_post_css_and_style setting.

POC

Reference

https://wpvulndb.com/vulnerabilities/9254
https://wpvulndb.com/vulnerabilities/9254
https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild/
https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild/

Github

https://github.com/ARPSyndicate/kenzer-templates
https://github.com/Elsfa7-110/kenzer-templates
https://github.com/merlinepedra/nuclei-templates
https://github.com/merlinepedra25/nuclei-templates
https://github.com/sobinge/nuclei-templates

1.3 KiB Raw Blame History

CVE-2019-11869

Description

POC

Reference

Github

1.3 KiB

Raw Blame History