Vulnerability CVE-2018-20151


Published: 2018-12-14

Description:
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.

Type:

CWE-200

(Information Exposure)

Vendor: Debian
Product: Debian linux 
Version: 9.0; 8.0;
Vendor: Wordpress
Product: Wordpress 
Version:
5.0
4.9.8
4.9.7
4.9.6
4.9.5
4.9.4
4.9.3
4.9.2
4.9.1
4.9
4.8.8
4.8.7
4.8.6
4.8.5
4.8.4
4.8.3
4.8.2
4.8.1
4.8
4.7.9
4.7.8
4.7.7
4.7.6
4.7.5
4.7.4
4.7.3
4.7.2
4.7.12
4.7.11
4.7.10
4.7.1
4.7
4.6.9
4.6.8
4.6.7
4.6.6
4.6.5
4.6.4
4.6.3
4.6.2
4.6.13
4.6.12
4.6.11
4.6.10
4.6.1
4.6
4.5.9
4.5.8
4.5.7
4.5.6
4.5.5
4.5.4
4.5.3
4.5.2
4.5.16
4.5.15
4.5.14
4.5.13
4.5.12
4.5.11
4.5.10
4.5.1
4.5
4.4.9
4.4.8
4.4.7
4.4.6
4.4.5
4.4.4
4.4.3
4.4.2
4.4.17
4.4.16
4.4.15
4.4.14
4.4.13
4.4.12
4.4.11
4.4.10
4.4.1
4.4.0
4.4
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.18
4.3.17
4.3.16
4.3.15
4.3.14
4.3.13
4.3.12
4.3.11
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://www.securityfocus.com/bid/106220
https://codex.wordpress.org/Version_4.9.9
https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
https://wordpress.org/support/wordpress-version/version-5-0-1/
https://wpvulndb.com/vulnerabilities/9174
https://www.debian.org/security/2019/dsa-4401
https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/

Related CVE
CVE-2017-6514
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.
CVE-2019-9787
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elem...
CVE-2019-8943
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filen...
CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can exe...
CVE-2018-20153
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
CVE-2018-20152
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.
CVE-2018-20150
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
CVE-2018-20149
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.

Copyright 2019, cxsecurity.com

 

Back to Top