PT-2018-14943 · Yoast · Yoast Seo

Published 2018-11-28 · Updated 2019-01-31 · CVE-2018-19370

CVSS v3.1: 6.6 Medium

Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Yoast SEO (wordpress-seo) plugin versions prior to 9.2.0

Description: A race condition issue in the unzip file function within the admin/import/class-import-settings.php file of the Yoast SEO plugin allows an SEO Manager to execute commands on the operating system through a ZIP import.

Recommendations: For versions prior to 9.2.0, update to version 9.2.0 or later to resolve the issue.

Exploit

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2018-19370

Affected Products

Yoast Seo