{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-12-14T00:00:00", "descriptions": [{"lang": "en", "value": "In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-02T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "106220", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106220"}, {"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/support/wordpress-version/version-5-0-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://codex.wordpress.org/Version_4.9.9"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/9175"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a"}, {"name": "DSA-4401", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4401"}, {"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"}, {"name": "[debian-lts-announce] 20190211 [SECURITY] [DLA 1673-1] wordpress security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20149", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "106220", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106220"}, {"name": "https://wordpress.org/support/wordpress-version/version-5-0-1/", "refsource": "MISC", "url": "https://wordpress.org/support/wordpress-version/version-5-0-1/"}, {"name": "https://codex.wordpress.org/Version_4.9.9", "refsource": "MISC", "url": "https://codex.wordpress.org/Version_4.9.9"}, {"name": "https://wpvulndb.com/vulnerabilities/9175", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/9175"}, {"name": "https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a", "refsource": "MISC", "url": "https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a"}, {"name": "DSA-4401", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4401"}, {"name": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/", "refsource": "MISC", "url": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"}, {"name": "[debian-lts-announce] 20190211 [SECURITY] [DLA 1673-1] wordpress security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html"}, {"name": "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/", "refsource": "MISC", "url": "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:51:19.304Z"}, "title": "CVE Program Container", "references": [{"name": "106220", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106220"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wordpress.org/support/wordpress-version/version-5-0-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://codex.wordpress.org/Version_4.9.9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/9175"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a"}, {"name": "DSA-4401", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4401"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"}, {"name": "[debian-lts-announce] 20190211 [SECURITY] [DLA 1673-1] wordpress security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20149", "datePublished": "2018-12-14T20:00:00", "dateReserved": "2018-12-14T00:00:00", "dateUpdated": "2024-08-05T11:51:19.304Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEEA870E-2BB4-4720-A3D9-1FFBA5596D94", "versionEndExcluding": "4.9.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CCEB112-4070-4BB4-8974-C289FAF79E79", "versionEndExcluding": "5.0.1", "versionStartIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data."}, {"lang": "es", "value": "En WordPress, en versiones anteriores a la 4.9.9 y versiones 5.x anteriores a la 5.0.1, cuando se emplea el servidor HTTP de Apache, los autores podr\u00edan subir archivos arbitrarios que omiten las restricciones de tipo MIME planeadas, lo que conduce a Cross-Site Scripting (XSS). Esto queda demostrado por un archivo .jpg sin datos JPEG."}], "id": "CVE-2018-20149", "lastModified": "2024-11-21T04:00:57.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-14T20:29:00.437", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106220"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://codex.wordpress.org/Version_4.9.9"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wordpress.org/support/wordpress-version/version-5-0-1/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://wpvulndb.com/vulnerabilities/9175"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4401"}, {"source": "cve@mitre.org", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106220"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Vendor Advisory"], "url": "https://codex.wordpress.org/Version_4.9.9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wordpress.org/support/wordpress-version/version-5-0-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wpvulndb.com/vulnerabilities/9175"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}