Severity
Low
Analysis Summary
CVE-2019-9787
WordPress does not properly filter comment content, leading to remote code execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because search engine optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.
Impact
Cross-site scripting
Affected Products
WordPress 5.x
The vulnerability is reported in versions prior to 5.1.1.
Remediation
Update to version 5.1.1.