WordPress < 5.1.1 - Unauthenticated Remote Code Execution via CSRF and XSS in Comment Handling
Exploitation Summary
EIP tracks 6 public exploits for CVE-2019-9787. PoCs published by sijiahi, rkatogit, kuangting4231.
Description
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.
Exploits (6)
This repository provides a proof-of-concept for CVE-2019-9787, a CSRF vulnerability in WordPress 5.0, along with a hash-based defense mechanism. It includes modified WordPress files to demonstrate the attack and a defense involving a 'doggyNonce' hash to verify the integrity of uploaded tag attributes.
This repository contains a proof-of-concept for CVE-2019-9787, a CSRF vulnerability in WordPress 5.0 that can be exploited to perform actions on behalf of an authenticated user. The PoC demonstrates how an attacker can trick a logged-in user into posting a comment via a crafted link.
This repository provides a writeup and mitigation strategies for CVE-2019-9787, a WordPress vulnerability involving XSS and CSRF leading to RCE. It includes proof-of-concept examples and detailed mitigation steps.
This repository provides a proof-of-concept for CVE-2019-9787, a CSRF vulnerability in WordPress 5.1.1 that can be exploited to perform unauthorized actions, such as posting comments as an authenticated user. The PoC includes a Docker setup for testing the exploit in a controlled environment.
This repository provides a Docker-based proof-of-concept for CVE-2019-9787, a CSRF vulnerability in WordPress up to version 5.1. It demonstrates how an attacker can trick an admin into validating a malicious comment via a crafted link.
This repository contains a detailed writeup and documentation of vulnerabilities affecting older versions of WordPress, including CVE-2017-14719 (path traversal), CVE-2019-9787 (authenticated XSS), and an unauthenticated REST API content modification vulnerability. It includes steps to recreate the vulnerabilities, affected source code references, and screenshots.
References (8)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H