9.8

CVE-2019-25217

Medienbericht

EPSS 7.33%
Veröffentlicht 16.10.2024 07:15:07
Zuletzt bearbeitet 23.12.2025 18:05:24
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

SiteGround Optimizer <= 5.0.12 - Missing Authorization

The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route. This allows attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Mögliche Gegenmaßnahme

Speed Optimizer – The All-In-One Performance-Boosting Plugin: Update to version 5.0.13, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Speed Optimizer – The All-In-One Performance-Boosting Plugin

Version [*, 5.0.13)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siteground ≫ Speed Optimizer SwPlatformwordpress Version < 5.0.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.33%	0.914

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://blog.sucuri.net/2019/03/vulnerability-disclosure-siteground-optimizer-caldera-forms.html

Technical Description

Press/Media Coverage

https://www.wordfence.com/threat-intel/vulnerabilities/id/657f3bd7-2cdc-4eb6-ba50-7c7fca468df0?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/657f3bd7-2cdc-4eb6-ba50-7c7fca468df0

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-25217

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-25217

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-25217

EUVD