Lucene search

[email protected]CVE-2019-20203

HistoryJan 02, 2020 - 2:16 p.m.

CVE-2019-20203

2020-01-0214:16:35

CWE-290

[email protected]

web.nvd.nist.gov

126

cve

wordpress

postie plugin

remote attackers

spoofing

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message.

Affected configurations

NVD

Node

postiepluginpostieRange≤1.9.40wordpress

CPENameOperatorVersion
postieplugin:postiepostieplugin postiele1.9.40

CPE	Name	Operator	Version
postieplugin:postie	postieplugin postie	le	1.9.40

References

github.com/V1n1v131r4/Exploiting-Postie-WordPress-Plugin-/blob/master/README.md

postieplugin.com/

wordpress.org/plugins/postie/#developers

wpvulndb.com/vulnerabilities/10002

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for CVE-2019-20203

nvd1 prion1 cvelist1 wpvulndb1 packetstorm1 exploitpack1 exploitdb1