CVE-2019-17671

high-risk
Published 2019-10-17

In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.

Do I need to act?

!
66.7% chance of exploitation in next 30 days
EPSS score — higher than 33% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
47690
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (4)

Affected Vendors

Debian Wordpress

References (18)

Patch https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-secu...
Patch https://core.trac.wordpress.org/changeset/46474
Patch https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc5210851...
Mailing List https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html
Mailing List https://seclists.org/bugtraq/2020/Jan/8
Release Notes https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Third Party Advisory https://wpvulndb.com/vulnerabilities/9909
Third Party Advisory https://www.debian.org/security/2020/dsa-4599
Third Party Advisory https://www.debian.org/security/2020/dsa-4677
Patch https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-secu...
Patch https://core.trac.wordpress.org/changeset/46474
Patch https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc5210851...
Mailing List https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html
Mailing List https://seclists.org/bugtraq/2020/Jan/8
Release Notes https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Third Party Advisory https://wpvulndb.com/vulnerabilities/9909
Third Party Advisory https://www.debian.org/security/2020/dsa-4599
Third Party Advisory https://www.debian.org/security/2020/dsa-4677
50
/ 100
high-risk
Severity 21/34 · High
Exploitability 19/34 · Moderate
Exposure 10/34 · Low