PT-2019-13840 · WordPress · Toggle The Title

Published 2019-08-15 · Updated 2019-08-21 · CVE-2019-14795

CVSS v3.1

4.8 Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Toggle The Title plugin version 1.4

Description

The issue affects the Toggle The Title plugin for WordPress. It can be exploited via the wp-admin/admin-ajax.php endpoint, specifically through the action=update title options parameter, by manipulating the isAutoSaveValveChecked or isDisableAllPagesValveChecked parameters. This entry classifies the issue as XSS.

Recommendations

For Toggle The Title plugin version 1.4, consider disabling the update title options action in the wp-admin/admin-ajax.php endpoint until a patch is available. Avoid using the isAutoSaveValveChecked or isDisableAllPagesValveChecked parameters in the affected endpoint to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-14795

Affected Products

Toggle The Title