Web Attack: WordPress Remote Code Execution CVE-2019-8942

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code execution vulnerability in WordPress.

Additional Information

WordPress is a PHP-based content manager.

WordPress is prone to a remote code-execution vulnerability because it fails to properly handle specially crafted metadata. Specifically, the issue occurs because the '_wp_attached_file' Post Meta entry can be changed to an arbitrary string, such as one ending with a '.jpg?file.php' substring. An attacker can exploit this issue to execute arbitrary code by uploading a crafted image containing PHP code in the 'Exif' metadata.

Attackers can exploit this issue to execute arbitrary code or crash the affected application. Failed exploit attempts will likely result in denial of service conditions.
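As a defensive check for the condition described above, the following added example (not Symantec's signature logic and not WordPress code) audits '_wp_attached_file' values exported from the wp_postmeta table and flags any that are not a plain media path. The extension allowlist, the function names and the sample rows are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Assumption: extensions an operator accepts for media attachments.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".webp", ".pdf"}
# Script extensions that should never appear anywhere in an attachment path.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(?![A-Za-z0-9])", re.IGNORECASE)


def audit_attached_file(value):
    """Return the reasons a _wp_attached_file value looks tampered with."""
    reasons = []
    # A stored file path has no business carrying URL syntax.
    if "?" in value or "#" in value:
        reasons.append("query-or-fragment-character")
    if SCRIPT_EXT.search(value):
        reasons.append("script-extension")
    # The final suffix is what a naive file-type check would look at.
    if PurePosixPath(value).suffix.lower() not in ALLOWED_EXTENSIONS:
        reasons.append("unexpected-final-extension")
    return reasons


def audit_rows(rows):
    """rows: iterable of (post_id, meta_key, meta_value) from wp_postmeta."""
    findings = {}
    for post_id, meta_key, meta_value in rows:
        if meta_key != "_wp_attached_file":
            continue
        reasons = audit_attached_file(meta_value)
        if reasons:
            findings[post_id] = reasons
    return findings


# Constructed sample rows (not real data).
SAMPLE_ROWS = [
    (101, "_wp_attached_file", "2019/02/holiday.jpg"),
    (102, "_wp_attached_file", "2019/02/photo.jpg?file.php"),
    (103, "_wp_attachment_metadata", "a:5:{...}"),
    (104, "_wp_attached_file", "2019/02/report.PDF"),
    (105, "_wp_attached_file", "2019/02/shell.php"),
]

if __name__ == "__main__":
    for post_id, reasons in audit_rows(SAMPLE_ROWS).items():
        print(post_id, ", ".join(reasons))
```

Any flagged row is a reason to review that attachment and the account that last edited it.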

Affected

  • WordPress versions before 4.9.9 and 5.x before 5.0.1