CVE-2019-25215

CVSS V2 None CVSS V3 None

Description

The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site's database and making changes.

Overview

CVE ID
CVE-2019-25215

Assigner
Wordfence

Vulnerability Status
PUBLISHED

Published Version
2024-10-16T06:43:34.069Z

Last Modified Date
2024-10-16T18:05:18.848Z

Weakness Enumerations

CWE	URL
CWE-862	http://cwe.mitre.org/data/definitions/862.html

References

Reference URL	Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/67ad04d4-49ef-4bc4-b3b0-f2752566145e?source=cve
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2065317%40ari-adminer&new=2065317%40ari-adminer&sfp_email=&sfph_mail=

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2019-25215
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25215

History

Created	Old Value	New Value	Data Type	Notes
2024-10-17 12:01:46				Added to TrackCVE