WordPress Plugin Vulnerabilities

Yuzo Related Posts < 5.12.94 - Unauthenticated Call Any Action or Update Any Option

Description

The YUZO WordPress plugin was affected by an Unauthenticated Call Any Action or Update Any Option security vulnerability.

Affects Plugins

Plugin icon
yuzo-related-post
Fixed in 5.12.94

References

CVE
CVE-2019-11869
URL
https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild/
URL
https://blog.sucuri.net/2019/04/attacks-on-closed-wordpress-plugins.html

Miscellaneous

Submitter
Daniel van Dorp
Submitter website
https://vandorp.biz
Submitter twitter
djvdorp
Verified
No
WPVDB ID
babc4a84-636d-425e-9915-ea33542a9e77

Timeline

Publicly Published
2019-04-10 (about 7 years ago)
Added
2019-04-10 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2015-01-22
Title
Pagelines Theme <= 1.4.5 - Privilege escalation
Published
2023-05-24
Title
Upload Resume <= 1.2.0 - Captcha Bypass
Published
2026-03-27
Title
SureForms < 2.6.0 - Unauthenticated Payment Amount Validation Bypass via 'form_id'
Published
2023-10-24
Title
YOP Poll < 6.5.29 - Reusable Captcha via validateImage
Published
2019-05-29
Title
ConvertPlus <= 3.4.2 - Unauthenticated Arbitrary User Role Creation