CVE-2019-25138 - OpenCVE

The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Plugin-planet	User Submitted Posts

Configuration 1 [-]

cpe:2.3:a:plugin-planet:user_submitted_posts:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-user-submitted-posts-plugin/	Exploit
https://wordpress.org/plugins/user-submitted-posts/#developers	Product Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/5a97877b-fb4d-4e87-bcff-56be65fee6ce?source=cve	Broken Link Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-06-07T01:51:22.056Z

Updated: 2023-06-07T01:51:22.056Z

Reserved: 2023-06-06T12:45:09.229Z

Link: CVE-2019-25138

JSON object: View

NVD Information

Status : Modified

Published: 2023-06-07T02:15:09.963

Modified: 2023-11-07T03:09:21.093

Link: CVE-2019-25138

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plugin-planet:user_submitted_posts:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1C47A838-ACA6-4C2F-A2B4-EBB78BC8AC0E", "versionEndIncluding": "20190312", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible."}], "id": "CVE-2019-25138", "lastModified": "2023-11-07T03:09:21.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2023-06-07T02:15:09.963", "references": [{"source": "security@wordfence.com", "tags": ["Exploit"], "url": "https://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-user-submitted-posts-plugin/"}, {"source": "security@wordfence.com", "tags": ["Product", "Release Notes"], "url": "https://wordpress.org/plugins/user-submitted-posts/#developers"}, {"source": "security@wordfence.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a97877b-fb4d-4e87-bcff-56be65fee6ce?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}