Insert or Embed Articulate Content into WordPress <= 4.2998 - Authenticated RCE



Description
Original issue fixed in 4.2998. However, it was also be possible to upload via articulate_upload_ajax_file() AJAX method which was lacking authorisation checks and has been fixed in 4.2999

Affects Plugin

References

CVE 2019-15649
EXPLOITDB 46981
PACKETSTORM 153250

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Views 2321
Verified No
WPVDB ID 9415

Timeline

Publicly Published 2019-06-11 (10 months ago)
Added 2019-07-02 (9 months ago)
Last Updated 2019-11-28 (4 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin