CVE-2019-16645 is a vulnerability that affects the popular blogging platform, WordPress. This vulnerability allows an attacker with contributor-level access to execute arbitrary code on the target system, potentially leading to full compromise of the website. The flaw arises from a lack of proper validation of user input in the upload file functionality of certain plugins.
The vulnerability was first discovered in October 2019 and was assigned CVE-2019-16645 by the Common Vulnerabilities and Exposures (CVE) database. Several popular plugins were found to be vulnerable, including the "Async JavaScript" plugin, which has over 100,000 active installations. The vulnerability was rated as critical due to its potential impact on the confidentiality, integrity, and availability of the affected systems.
Several security researchers and organizations, such as Wordfence and National Vulnerability Database (NVD), released advisories warning users of the vulnerability and recommending immediate updates and patches. Plugin developers also released updates to address the flaw in their products. It is imperative for WordPress users to stay vigilant and keep all software up-to-date to avoid exploitation of this and other vulnerabilities.