CVE-2019-25215

Name of the Vulnerable Software and Affected Versions ARI-Adminer plugin for WordPress versions up to, and including, 1.1.14

Description The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions, such as accessing a site's database and making changes.

Recommendations For versions up to, and including, 1.1.14, update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the plugin's files to minimize the risk of exploitation. Avoid using the vulnerable plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability, so updating to the latest version is the recommended course of action.