CVE-2019-6780 - The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/po

CVE-2019-6780

Summary

The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.

References

Vulnerable Configurations

cpe:2.3:a:kaine:wise_chat:1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:1.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.0.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.0.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.4.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.4.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.4.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.4.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.4.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.4.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.6.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.6.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.6.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.6.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.6.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:kaine:wise_chat:2.6.3:*:*:*:*:wordpress:*:*

CVSS

Base:	5.8 (as of 28-01-2019 - 14:11)
Impact:
Exploitability:

CWE

CWE-601

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

exploit-db	46247
misc	https://plugins.trac.wordpress.org/changeset/2016929/wise-chat/trunk/src/rendering/filters/post/WiseChatLinksPostFilter.php https://wordpress.org/plugins/wise-chat/#developers

Last major update

28-01-2019 - 14:11

Published

24-01-2019 - 20:29

Last modified

28-01-2019 - 14:11