Insert or Embed Articulate Content into WordPress <= 4.2998 - Authenticated RCE



Description
Original issue fixed in 4.2998. However, it was also be possible to upload via articulate_upload_ajax_file() AJAX method which was lacking authorisation checks and has been fixed in 4.2999

Affects Plugin

References

CVE 2019-15649
EXPLOITDB 46981
PACKETSTORM 153250

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Views 1917
Verified No
WPVDB ID 9415

Timeline

Publicly Published 2019-06-11 (5 months ago)
Added 2019-07-02 (4 months ago)
Last Updated 2019-08-27 (3 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin