CVE-2019-9787

This repository provides a proof-of-concept for CVE-2019-9787, a CSRF vulnerability in WordPress 5.0, along with a hash-based defense mechanism. It includes modified WordPress files to demonstrate the attack and a defense involving a 'doggyNonce' hash to verify the integrity of uploaded tag attributes.

This repository contains a proof-of-concept for CVE-2019-9787, a CSRF vulnerability in WordPress 5.0 that can be exploited to perform actions on behalf of an authenticated user. The PoC demonstrates how an attacker can trick a logged-in user into posting a comment via a crafted link.

This repository provides a writeup and mitigation strategies for CVE-2019-9787, a WordPress vulnerability involving XSS and CSRF leading to RCE. It includes proof-of-concept examples and detailed mitigation steps.

This repository provides a proof-of-concept for CVE-2019-9787, a CSRF vulnerability in WordPress 5.1.1 that can be exploited to perform unauthorized actions, such as posting comments as an authenticated user. The PoC includes a Docker setup for testing the exploit in a controlled environment.

This repository provides a Docker-based proof-of-concept for CVE-2019-9787, a CSRF vulnerability in WordPress up to version 5.1. It demonstrates how an attacker can trick an admin into validating a malicious comment via a crafted link.

This repository contains a detailed writeup and documentation of vulnerabilities affecting older versions of WordPress, including CVE-2017-14719 (path traversal), CVE-2019-9787 (authenticated XSS), and an unauthenticated REST API content modification vulnerability. It includes steps to recreate the vulnerabilities, affected source code references, and screenshots.