CVE-2019-11869
Published: 2019-05-09
Priority: P279 · Severity: medium · Score: 6.1 (CVSS 3.0)
CVSS 3.0 vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 5.33% (91.6th percentile)
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page). An unauthenticated attacker can inject a payload into the plugin settings, such as the yuzo_related_post_css_and_style setting.
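To make the root cause concrete, here is an added illustration (not the Yuzo plugin's own source) of the anti-pattern the description names, beside a hardened settings handler. The function names, the nonce action `yuzo_save_settings` and the hook names are assumptions made for the example; the option key `yuzo_related_post_css_and_style` is the one the description cites. It assumes a WordPress environment, since `is_admin()`, `current_user_can()`, `check_admin_referer()`, `update_option()`, `wp_unslash()`, `wp_strip_all_tags()` and `wp_die()` are WordPress core functions.

```php
<?php
// Added illustration, not the Yuzo plugin's code. Assumes WordPress core
// is loaded (is_admin, current_user_can, check_admin_referer, update_option,
// wp_unslash, wp_strip_all_tags, get_option, wp_die are core functions).

// Anti-pattern: is_admin() answers "is this request for an admin-side page?"
// (anything under wp-admin/, including admin-ajax.php and admin-post.php).
// It says nothing about WHO sent the request, so an anonymous visitor passes.
function insecure_save_settings() {
    if ( ! is_admin() ) {
        return;
    }
    // Unchecked, unsanitized input is stored in an option that is later
    // printed into every front-end page: stored XSS.
    update_option(
        'yuzo_related_post_css_and_style',
        $_POST['yuzo_related_post_css_and_style'] ?? ''
    );
}

// Hardened: authorize the user, verify intent with a nonce, sanitize on save.
function secure_save_settings() {
    // Capability check: the caller must actually be allowed to manage options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // Nonce check (dies on failure): stops CSRF-driven settings changes made
    // through a logged-in administrator's browser.
    check_admin_referer( 'yuzo_save_settings' ); // nonce action name is assumed

    $raw = isset( $_POST['yuzo_related_post_css_and_style'] )
        ? wp_unslash( $_POST['yuzo_related_post_css_and_style'] )
        : '';
    // Strip every tag, including a closing </style> or a <script> block,
    // so no markup can reach the stored value; plain CSS text survives.
    $clean = wp_strip_all_tags( $raw );
    update_option( 'yuzo_related_post_css_and_style', $clean );
}

// Output side: sanitize on render as well, so a value that reached the
// database through some other path still cannot break out of the <style>.
function render_custom_css() {
    $css = get_option( 'yuzo_related_post_css_and_style', '' );
    echo '<style>' . wp_strip_all_tags( $css ) . '</style>';
}

// Hook registration (names assumed). admin_post_{action} only fires for
// logged-in users; registering the same handler on admin_post_nopriv_{action}
// would hand anonymous requests to it, which is exactly the situation an
// is_admin() "check" fails to catch.
add_action( 'admin_post_yuzo_save_settings', 'secure_save_settings' );
add_action( 'wp_head', 'render_custom_css' );
```

The defensive takeaway is that authorization in WordPress rests on `current_user_can()` plus a nonce, never on `is_admin()`; the latter is a routing predicate, and a request to `admin-ajax.php` or `admin-post.php` makes it return true for any visitor.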
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yuzopro | yuzo | — | — |
Detection & IOCs (extracted from sources)
- Probe for reflected/stored XSS by checking whether 'alert(0);' appears in the response body of the WordPress front page after injecting into plugin settings
- Confirm exploitation by verifying the response Content-Type is text/html
- The vulnerability is exploitable by unauthenticated users because is_admin() only checks whether the request targets an admin page, not whether the requester is an authenticated admin
- Vulnerable version is specifically 5.12.94 of the Yuzo Related Posts WordPress plugin
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vulncheck | — | 6.1 | MEDIUM | — |
GHSA
GHSA-j5p6-8vxr-w5gp: The Yuzo Related Posts plugin 5
ghsa_unreviewed · 2022-05-24 · MEDIUM
VulnCheck
yuzopro yuzo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck · 2019 · CVSS 6.1 · MEDIUM
Affected: yuzopro yuzo
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://nvd.nist.gov/vuln/detail/CVE-2019-11869
No detection rules found.
Nuclei
WordPress Yuzo <5.12.94 - Cross-Site Scripting
nuclei · CVSS 6.1 · MEDIUM
Template fragment as shown by the source (the request list is cut off before the first request; `body_2` and `header_2` refer to the response of the second request):

```yaml
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "alert(0);")'
      - type: dsl
        dsl:
          - "contains(tolower(header_2), 'text/html')"
# digest: 4b0a004830460221008aa60cdf3ee9baa220f5f331d598cd092525b678f8261a0d48e405e4036894e802210094f66464e677cc58960628cd0661c9fe35c34d18c1e012c4ddb69e5b7a620c7c:922c64590222798bb761d5b6d8e72950
```
References
- https://wpvulndb.com/vulnerabilities/9254
- https://www.pluginvulnerabilities.com/2019/03/30/wordpress-plugin-team-paints-target-on-exploitable-settings-change-vulnerability-that-permits-persistent-xss-in-related-posts/
- https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild/