PT-2019-16028 · WordPress · Wp Maintenance

Published: 2019-12-26 · Updated: 2020-08-24 · CVE-2019-19979

CVSS v3.1: 8.8 (High)

Vector: AC:L/AV:N/A:H/C:L/I:L/PR:N/S:C/UI:R

Name of the Vulnerable Software and Affected Versions: WP Maintenance versions prior to 5.0.6

Description: A flaw in the WordPress plugin allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. This issue involved CSRF with resultant XSS.

Recommendations: For versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the maintenance mode feature until a patch is applied.

Exploit

Fix

CSRF

XSS


Weakness Enumeration

Related identifiers

CVE-2019-19979

Affected products

Wp Maintenance