CVE-2019-9912
Published 2019-03-22
CVE-2019-9912: The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
Priority P338 · medium · 6.1 · CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 3.03% (85.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codecabin | wp_go_maps | < 7.10.43 | 7.10.43 |
CVSS provenance
nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
No detection rules found.
Nuclei
WP Google Maps < 7.10.43 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2019-9912 [MEDIUM] WP Google Maps < 7.10.43 - Cross-Site Scripting
WP Google Maps ?page=wp-google-maps-menu&action=foo"
matchers-condition: and
matchers:
  - type: word
    part: body
    words:
      - ">"
  - type: word
    part: content_type
    words:
      - text/html
  - type: status
    status:
      - 200
# digest: 490a0046304402206f6e538f81e0e7bcf2e7e99a7503d8c70d6cef00f8581d1afaaf8ff42302b2b102207298eb93042124dc1ad9d8bb4a5dcaa273738047fb51ed2743af06fd5cdb6665:922c64590222798bb761d5b6d8e72950
Bugzilla
CVE-2019-17670 wordpress: Server-side request forgery vulnerability because Windows paths are mishandled during certain validation of relative URLs
bugzilla·2019-11-26·CVSS 9.8
CVE-2019-17670 [CRITICAL] CVE-2019-17670 wordpress: Server-side request forgery vulnerability because Windows paths are mishandled during certain validation of relative URLs
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
Reference:
https://wpvulndb.com/vulnerabilities/9912
Upstream commit:
https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
Discussion:
Created wordpress tracking bugs for this issue:
Affects: epel-6 [bug 1776964]
Affects: epel-7 [bug 1776965]
Affects: fedora-all [bug 1776963]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dep
Bugzilla
CVE-2019-17669 wordpress: Server-side request forgery vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters
bugzilla·2019-11-26·CVSS 9.8
CVE-2019-17669 [CRITICAL] CVE-2019-17669 wordpress: Server-side request forgery vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
Reference:
https://wpvulndb.com/vulnerabilities/9912
Upstream commit:
https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea
Discussion:
Created wordpress tracking bugs for this issue:
Affects: epel-6 [bug 1776971]
Affects: epel-7 [bug 1776972]
Affects: fedora-all [bug 1776970]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially sup
http://seclists.org/fulldisclosure/2019/Mar/41
https://lists.openwall.net/full-disclosure/2019/02/05/13
https://security-consulting.icu/blog/2019/02/wordpress-wpgooglemaps-xss/