Vulnerability Description
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Plainview Activity Monitor Project | Plainview Activity Monitor | < 20180826 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/155502/WordPress-Plainview-Activity-MonitorExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/163425/WordPress-Plainview-Activity-MonitorExploitThird Party AdvisoryVDB Entry
- https://github.com/aas-n/CVE/tree/master/CVE-2018-15877ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/45274/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/155502/WordPress-Plainview-Activity-MonitorExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/163425/WordPress-Plainview-Activity-MonitorExploitThird Party AdvisoryVDB Entry
- https://github.com/aas-n/CVE/tree/master/CVE-2018-15877ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/45274/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-15877?
CVE-2018-15877 is a vulnerability with a CVSS score of 8.8 (HIGH). The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_m...
How severe is CVE-2018-15877?
CVE-2018-15877 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-15877?
Check the references section above for vendor advisories and patch information. Affected products include: Plainview Activity Monitor Project Plainview Activity Monitor.