CVE-2018-19370: Race Condition
First published: Wed Nov 28 2018(Updated: )
A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yoast Yoast Seo | <=9.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-19370?
CVE-2018-19370 is a race condition vulnerability in the Yoast SEO plugin for WordPress, allowing command execution on the operating system via a ZIP import.
What software versions are affected by CVE-2018-19370?
Yoast SEO plugin versions up to and including 9.2.0.
What is the severity of CVE-2018-19370?
CVE-2018-19370 has a severity rating of medium (6.6).
How do I fix CVE-2018-19370?
To fix CVE-2018-19370, update the Yoast SEO plugin to version 9.2.1 or later.
Where can I find more information about CVE-2018-19370?
You can find more information about CVE-2018-19370 on the Yoast SEO GitHub repository, the WordPress plugin page, and a YouTube video discussing the vulnerability.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/yoast
- canonical/yoast yoast seo
- version/yoast yoast seo/9.2.0