WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Yoast SEO <= 9.1 - Authenticated Race Condition

Description

According to the changelog,

"Race Condition which leads to command execution, by users with SEO Manager roles."

Affects Plugins

wordpress-seo
Fixed in version 9.2

References

CVE
CVE-2018-19370
URL
https://plugins.trac.wordpress.org/changeset/1977260/wordpress-seo
URL
https://packetstormsecurity.com/files/150497/
URL
https://github.com/Yoast/wordpress-seo/pull/11502/commits/3bfa70a143f5ea3ee1934f3a1703bb5caf139ffa

YouTube Video

Classification

Type

RCE

OWASP top 10
A1: Injection
CWE
CWE-94

Miscellaneous

Original Researcher

Dimopoulos Ilias

Submitter

Dimopoulos Ilias

Submitter twitter
gweeperx
Verified

No

WPVDB ID
bd32be83-db19-4026-adc9-9da284849ee3

Timeline

Publicly Published

2018-11-20 (about 4 years ago)

Added

2018-11-20 (about 4 years ago)

Last Updated

2020-10-02 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin