CVE-2019-12826 - OpenCVE

A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wpchef	Widget Logic

Configuration 1 [-]

cpe:2.3:a:wpchef:widget_logic:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://dannewitz.ninja/posts/widget-logic-csrf-to-rce	Exploit Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2112753/widget-logic	Third Party Advisory
https://wpvulndb.com/vulnerabilities/9403
https://wpvulndb.com/vulnerabilities/9413

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-01T17:56:51

Updated: 2019-08-15T10:06:02

Reserved: 2019-06-14T00:00:00

Link: CVE-2019-12826

JSON object: View

NVD Information

Status : Modified

Published: 2019-07-01T18:15:11.740

Modified: 2019-07-31T08:15:11.583

Link: CVE-2019-12826

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-06-26T00:00:00", "descriptions": [{"lang": "en", "value": "A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-15T10:06:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://dannewitz.ninja/posts/widget-logic-csrf-to-rce"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://plugins.trac.wordpress.org/changeset/2112753/widget-logic"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/9413"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/9403"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12826", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://dannewitz.ninja/posts/widget-logic-csrf-to-rce", "refsource": "MISC", "url": "https://dannewitz.ninja/posts/widget-logic-csrf-to-rce"}, {"name": "https://plugins.trac.wordpress.org/changeset/2112753/widget-logic", "refsource": "CONFIRM", "url": "https://plugins.trac.wordpress.org/changeset/2112753/widget-logic"}, {"name": "https://wpvulndb.com/vulnerabilities/9413", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/9413"}, {"name": "https://wpvulndb.com/vulnerabilities/9403", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/9403"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12826", "datePublished": "2019-07-01T17:56:51", "dateReserved": "2019-06-14T00:00:00", "dateUpdated": "2019-08-15T10:06:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpchef:widget_logic:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "416E0D99-BB05-40C0-BA2B-EC0622023518", "versionEndExcluding": "5.10.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en widget_logic.php en el plugin 2by2host Widget Logic en versiones anteriores a la 5.10.2 para WordPress permite a atacantes remotos ejecutar c\u00f3digo PHP mediante snippets (que se adjuntan a los widgets y luego se eval\u00faan din\u00e1micamente para determinar su visibilidad) creando una solicitud POST maliciosa que enga\u00f1e a los administradores para que agreguen el c\u00f3digo."}], "id": "CVE-2019-12826", "lastModified": "2019-07-31T08:15:11.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-01T18:15:11.740", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://dannewitz.ninja/posts/widget-logic-csrf-to-rce"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/2112753/widget-logic"}, {"source": "cve@mitre.org", "url": "https://wpvulndb.com/vulnerabilities/9403"}, {"source": "cve@mitre.org", "url": "https://wpvulndb.com/vulnerabilities/9413"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}