{"id":"CVE-2019-1010209","details":"GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unzuthorized Attacker can upload executable file in website. The component is: gourl.php#L5637. The fixed version is: 1.4.14.","modified":"2026-03-14T09:31:37.531236Z","published":"2019-07-23T14:15:13.747Z","references":[{"type":"FIX","url":"https://gist.github.com/pouyadarabi/467d3167551fb0712d3264c72db092af"},{"type":"FIX","url":"https://github.com/cryptoapi/Bitcoin-Wordpress-Plugin/blob/8aa17068d7ba31a05f66e0ab2bbb55efb0f60017/gourl.php#L5637"},{"type":"EVIDENCE","url":"https://www.youtube.com/watch?v=K2HElM_ZYu4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cryptoapi/Bitcoin-Wordpress-Plugin","events":[{"introduced":"0"},{"last_affected":"8aa17068d7ba31a05f66e0ab2bbb55efb0f60017"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.13"}]}}],"versions":["1.3.10","1.3.11","1.3.12","1.3.13","1.3.14","1.3.15","1.3.16","1.3.17","1.3.18","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.1","1.4.10","1.4.11","1.4.12","1.4.13","1.4.2","1.4.3","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9","v1.4.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010209.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}