Vulnerability in N/a
CVE-2019-17671
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
EPSS: 0.729 (98.8th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- wpvulndb.com/vulnerabilities/9909 (x_refsource_MISC)
- blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-re… (x_refsource_MISC)
- wordpress.org/news/2019/10/wordpress-5-2-4-security-release/ (x_refsource_MISC)
- core.trac.wordpress.org/changeset/46474 (x_refsource_MISC)
- github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308 (x_refsource_MISC)
- [debian-lts-announce] 20191105 [SECURITY] [DLA 1980-1] wordpress security update (mailing-list, x_refsource_MLIST)
- 20200108 [SECURITY] [DSA 4599-1] wordpress security update (mailing-list, x_refsource_BUGTRAQ)
- DSA-4599 (vendor-advisory, x_refsource_DEBIAN)
- DSA-4677 (vendor-advisory, x_refsource_DEBIAN)
Frequently asked questions
- What is CVE-2019-17671?
- CVE-2019-17671 is a vulnerability in N/a. Published 2019-10-17.
- Is CVE-2019-17671 known to be exploited?
- 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.