ThreatPress

WordPress Vulnerabilities Database

WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution vulnerability

Product
WordPress
Description
Authenticated Code Execution vulnerability found by Simon Scannell (RIPS Technologies) in WordPress (versions 3.7-5.0, except 4.9.9).
Solution
Update WordPress to the latest available version (at least 5.0.1 or 4.9.9).
Classification
Type: Arbitrary File Download
OWASP Top 10: A1: Injection
References
Changelog
CVE
Name: CVE-2019-8942
Versions
Affected In: 3.7-4.9.8, 5.0
Fixed In: 4.9.9, 5.0.1
Disclosure date
2019-02-28
Credits
RIPS Technologies
Submitter
ThreatPress