CVE Vulnerability

CVE-2018-20149

In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.

3.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/ Vendor Advisory Release Notes
https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a Patch Third Party Advisory
https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/ Press/Media Coverage Third Party Advisory
https://wordpress.org/support/wordpress-version/version-5-0-1/ Release Notes Vendor Advisory
https://codex.wordpress.org/Version_4.9.9 Product Vendor Advisory
https://wpvulndb.com/vulnerabilities/9175 Vendor Advisory
http://www.securityfocus.com/bid/106220 Third Party Advisory VDB Entry
https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html Mailing List Third Party Advisory
https://www.debian.org/security/2019/dsa-4401 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Information

Published : 2018-12-14 08:29

Updated : 2019-03-04 02:20

NVD link : CVE-2018-20149

Mitre link : CVE-2018-20149

Products Affected
No products.
CWE
CWE-79