Arbitrary File Deletion in IgniteUp Plugin for WordPress
CVE-2019-17234

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Igniteup
Vendor: CVE Published:; 12 November 2019

Badges

👾 Exploit Exists🟣 EPSS 23%

What is CVE-2019-17234?

The IgniteUp plugin, used for creating maintenance and coming soon pages in WordPress, contains a vulnerability that allows unauthenticated users to delete arbitrary files on the server. This can lead to significant data loss or the compromising of site integrity, as attackers exploit this flaw to manipulate or erase critical files without authentication. Users are advised to update to the latest version to mitigate the risk and ensure the security of their WordPress installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://wordpress.org/plugins/igniteup/#developers

x_refsource_MISC

https://blog.nintechnet.com/multiple-vulnerabilities-in-w...

x_refsource_MISC

EPSS Score

23% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Nov 14, 2019
👾
Exploit known to exist
Nov 14, 2019
Vulnerability published
Nov 12, 2019
Vulnerability Reserved
Oct 6, 2019

JSON

Wordpress

Badges

What is CVE-2019-17234?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.