What is CVE-2019-9787?

CVE-2019-9787 is a vulnerability in N/a. Published 2019-03-14.

Is CVE-2019-9787 known to be exploited?

27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-9787

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimizatio…

EPSS: 0.810 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

blog.ripstech.com/2019/wordpress-csrf-to-rce/ (x_refsource_MISC)
wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/ (x_refsource_MISC)
github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b (x_refsource_MISC)
wpvulndb.com/vulnerabilities/9230 (x_refsource_MISC)
107411 (vdb-entry, x_refsource_BID)
wordpress.org/support/wordpress-version/version-5-1-1/ (x_refsource_MISC)
[debian-lts-announce] 20190331 [SECURITY] [DLA 1742-1] wordpress security update (mailing-list, x_refsource_MLIST)
DSA-4677 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2019-9787?: CVE-2019-9787 is a vulnerability in N/a. Published 2019-03-14.
Is CVE-2019-9787 known to be exploited?: 27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.