CVE-2018-19207 — CRITICAL (9.8)

Vulnerability Description

The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Van-Ons	Wp-Gdpr-Compliance	< 1.4.3

Related Weaknesses (CWE)

CWE-425

References

http://www.securityfocus.com/bid/105921Third Party AdvisoryVDB Entry
https://wordpress.org/plugins/wp-gdpr-compliance/#developersProductVendor Advisory
https://wpvulndb.com/vulnerabilities/9144ExploitThird Party Advisory
https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdprExploitThird Party Advisory
http://www.securityfocus.com/bid/105921Third Party AdvisoryVDB Entry
https://wordpress.org/plugins/wp-gdpr-compliance/#developersProductVendor Advisory
https://wpvulndb.com/vulnerabilities/9144ExploitThird Party Advisory
https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdprExploitThird Party Advisory

FAQ

What is CVE-2018-19207?

CVE-2018-19207 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited i...

How severe is CVE-2018-19207?

CVE-2018-19207 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-19207?

Check the references section above for vendor advisories and patch information. Affected products include: Van-Ons Wp-Gdpr-Compliance.