CVE-2019-8942

Published: Feb 20, 2019Modified: Jun 17, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.

Affected (11)

Products: Wordpress: Wordpress · Debian: Debian Linux

1 product

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Wordpress Wordpress	Before 4.9.9
Wordpress Wordpress	Version 5.0
Wordpress Wordpress	Version 5.0 beta1
Wordpress Wordpress	Version 5.0 beta2
Wordpress Wordpress	Version 5.0 beta3
Wordpress Wordpress	Version 5.0 beta4
Wordpress Wordpress	Version 5.0 beta5
Wordpress Wordpress	Version 5.0 rc1
Wordpress Wordpress	Version 5.0 rc2
Wordpress Wordpress	Version 5.0 rc3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (18)

http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.securityfocus.com/bid/107088

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/

Source: cve@mitre.org

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://wpvulndb.com/vulnerabilities/9222

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2019/dsa-4401

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/46511/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/46662/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

http://www.securityfocus.com/bid/107088

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://wpvulndb.com/vulnerabilities/9222

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2019/dsa-4401

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.exploit-db.com/exploits/46511/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/46662/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.