** DISPUTED ** The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attack vector. NOTE: It has been asserted that this is not a valid vulnerability in the context of the Wordfence WordPress plugin as the firewall rules are not maintained as part of the Wordfence software but rather it is a set of rules hosted on vendor servers and pushed to the plugin with no versioning associated. Bypassing a WAF rule doesn't make a WordPress site vulnerable (speaking in terms of software vulnerabilities).
References
Link | Resource |
---|---|
https://www.edgescan.com/popular-wordpress-waf-bypass-zeroday-discovered-by-edgescan/ | Exploit Third Party Advisory |
History
21 Nov 2024, 04:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.edgescan.com/popular-wordpress-waf-bypass-zeroday-discovered-by-edgescan/ - Exploit, Third Party Advisory |
12 Jul 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attack vector. NOTE: It has been asserted that this is not a valid vulnerability in the context of the Wordfence WordPress plugin as the firewall rules are not maintained as part of the Wordfence software but rather it is a set of rules hosted on vendor servers and pushed to the plugin with no versioning associated. Bypassing a WAF rule doesn't make a WordPress site vulnerable (speaking in terms of software vulnerabilities). |
Information
Published : 2019-04-25 19:29
Updated : 2024-11-21 04:52
NVD link : CVE-2019-9669
Mitre link : CVE-2019-9669
CVE.ORG link : CVE-2019-9669
Products Affected
wordfence
- wordfence
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')