PT-2019-5212 · WordPress · Wordpress

Irsdl

+1

·

Publicado

2019-09-11

·

Atualizado

2023-01-31

·

CVE-2019-16222

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions WordPress versions prior to 5.2.3
Description The issue is related to incorrect URL sanitization in the wp kses bad protocol once function, which can lead to cross-site scripting (XSS) attacks. This could allow a remote attacker to compromise data integrity.
Recommendations For WordPress versions prior to 5.2.3, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable URL endpoints until the update is applied.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2020-01941
CVE-2019-16222
DLA-1960-1
DSA-4599-1
DSA-4677-1

Produtos afetados

Wordpress