← Voltar para CVEs
CVE-2019-12826
N/ADescricao
A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado7/1/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
wpchef:widget_logic
Fraquezas (CWE)
CWE-352
Referencias
https://dannewitz.ninja/posts/widget-logic-csrf-to-rce(cve@mitre.org)
https://wpvulndb.com/vulnerabilities/9403(cve@mitre.org)
https://wpvulndb.com/vulnerabilities/9413(cve@mitre.org)
https://dannewitz.ninja/posts/widget-logic-csrf-to-rce(af854a3a-2127-422b-91ae-364da2661108)
https://plugins.trac.wordpress.org/changeset/2112753/widget-logic(af854a3a-2127-422b-91ae-364da2661108)
https://wpvulndb.com/vulnerabilities/9403(af854a3a-2127-422b-91ae-364da2661108)
https://wpvulndb.com/vulnerabilities/9413(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.