Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-9787

EPSS 81.02% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-9787

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 5.1.1之前版本中存在安全漏洞,该漏洞源于程序没有正确地过滤评论内容。远程攻击者可利用该漏洞执行代码并控制WordPress网站。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2019-9787

#POC DescriptionSource LinkShenlong Link
1Nonehttps://github.com/rkatogit/cve-2019-9787_csrf_pocPOC Details
2This is a recurrence of cve-2019-9787 on Wordpress and a hash-based defense.https://github.com/sijiahi/Wordpress_cve-2019-9787_defensePOC Details
3Try to reproduce this issue with Dockerhttps://github.com/matinciel/Wordpress_CVE-2019-9787POC Details
4Overview PoC of CSRF CVE-2019-9787 WordPress Version 5.1.1 https://github.com/dexXxed/CVE-2019-9787POC Details
5Nonehttps://github.com/kuangting4231/mitigation-cve-2019-9787POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-9787

登录查看更多情报信息。

Same Patch Batch · n/a · 2019-03-14 · 23 CVEs total

CVE-2019-9773GNU LibreDWG 缓冲区错误漏洞
CVE-2019-9825FeiFeiCms 安全漏洞
CVE-2019-0135Intel Rapid Storage Technology enterprise Intel Accelerated Storage Manager 权限许可和访问控制问题漏洞
CVE-2018-20801Highcharts JS 安全漏洞
CVE-2019-9785gitnote 输入验证错误漏洞
CVE-2019-9779GNU LibreDWG 代码问题漏洞
CVE-2019-9778GNU LibreDWG 缓冲区错误漏洞
CVE-2019-9777GNU LibreDWG 缓冲区错误漏洞
CVE-2019-9776GNU LibreDWG 代码问题漏洞
CVE-2019-9775GNU LibreDWG 缓冲区错误漏洞
CVE-2019-9774GNU LibreDWG 缓冲区错误漏洞
CVE-2019-9760FTPGetter 缓冲区错误漏洞
CVE-2019-9772GNU LibreDWG 代码问题漏洞
CVE-2019-9771GNU LibreDWG 代码问题漏洞
CVE-2019-9770GNU LibreDWG 缓冲区错误漏洞
CVE-2019-9769PilusCart 跨站请求伪造漏洞
CVE-2019-9768Thinkst Canarytokens 权限许可和访问控制问题漏洞
CVE-2019-9767Free MP3 CD Ripper 缓冲区错误漏洞
CVE-2019-9766Free MP3 CD Ripper 缓冲区错误漏洞
CVE-2019-9765Blog_mini 跨站脚本漏洞

Showing top 20 of 23 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2019-9787

No comments yet

Leave a comment