Ad Inserter <= 2.4.19 - Authenticated Path Traversal
Description
Edit (WPScanTeam):

Even though the original advisory states that the issue only affects accounts with administrator privileges, any authenticated user with the subscriber role or above can exploit it: the nonce protecting the vulnerable request can be retrieved by submitting a request with a specific cookie, as described at https://www.wordfence.com/blog/2019/07/critical-vulnerability-patched-in-ad-inserter-plugin/
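The WPScanTeam note above is the practitioner's takeaway: a WordPress nonce is CSRF protection, not authorization, so a handler that reads a file path from the request must check the caller's capability explicitly and confine the resolved path to its base directory. The following hardened admin-ajax handler is an added example written for this page; it is not Ad Inserter's code and not taken from the Synacktiv or Wordfence write-ups. The action name `example_read_file`, the `file` and `nonce` parameters, the `templates` base directory and the helper `example_resolve_within()` are all hypothetical.

```php
<?php
// Added example, not Ad Inserter's own code. The action name, request
// parameters, base directory and helper name are hypothetical. It shows the
// two checks a file-serving admin-ajax handler needs: an explicit capability
// check (a nonce only proves intent, and here could be obtained by any
// subscriber) and a containment check on the canonicalised path (CWE-22).

add_action( 'wp_ajax_example_read_file', 'example_read_file' );

function example_read_file() {
    // 1. CSRF protection only. Passing this proves the request carried a valid
    //    nonce, not that the caller is allowed to do anything. wp_die()s on failure.
    check_ajax_referer( 'example_read_file', 'nonce' );

    // 2. Authorization. This is the check that stops a subscriber who managed
    //    to obtain the nonce. wp_send_json_error() ends the request.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 3. Path containment. Resolve the base directory and the requested name,
    //    then require the candidate to sit strictly under the base.
    $base = realpath( plugin_dir_path( __FILE__ ) . 'templates' );
    $name = isset( $_POST['file'] ) ? wp_unslash( $_POST['file'] ) : '';

    $target = example_resolve_within( $base, $name );
    if ( null === $target ) {
        wp_send_json_error( 'invalid file', 400 );
    }

    wp_send_json_success( file_get_contents( $target ) );
}

/**
 * Return the canonical path of $base/$name if it lies inside $base, else null.
 *
 * realpath() collapses "../" segments and resolves symlinks, so the prefix
 * comparison is done on the canonical form. The trailing separator on the
 * prefix stops "/var/www/templates2" from passing as inside
 * "/var/www/templates". A non-existent file yields null because realpath()
 * returns false for it.
 */
function example_resolve_within( $base, $name ) {
    if ( false === $base || '' === $name ) {
        return null;
    }
    $candidate = realpath( $base . DIRECTORY_SEPARATOR . $name );
    if ( false === $candidate ) {
        return null;
    }
    $prefix = rtrim( $base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    return 0 === strpos( $candidate, $prefix ) ? $candidate : null;
}
```

With these checks in place, a traversal payload such as `../../wp-config.php` canonicalises to a path outside the base and is rejected before any file is read, and a subscriber who has obtained the nonce is stopped by the capability check regardless of the path supplied.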

Affects Plugin

Ad Inserter (fixed in version 2.4.20)

References

CVE CVE-2019-15323
URL https://www.synacktiv.com/ressources/advisories/WordPress_ad_inserter.pdf

Classification

Type TRAVERSAL
OWASP Top 10 A1: Injection
CWE CWE-22

Miscellaneous

Original Researcher Wilfried Becard (Synacktiv.com)
Verified Yes
WPVDB ID 9453

Timeline

Publicly Published 2019-07-12
Added 2019-07-12
Last Updated 2019-08-22
