CVE-2019-16781 Vulnerability Details

  /     /     /  

CVE-2019-16781 Metadata Quick Info

CVE Published: 26/12/2019 | CVE Updated: 05/08/2024 | CVE Year: 2019
Source: GitHub_M | Vendor: WordPress | Product: WordPress
Status : PUBLISHED

---

CVE-2019-16781 Description

In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS.

Metrics

CVSS Version: 3.1 | Base Score: 5.8 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79 Cross-site Scripting (XSS)
Source: WordPress

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).