Improper access control in WordPress - CVE-2019-17671
Published: October 15, 2019 / Updated: November 20, 2019
Vulnerability identifier: #VU21789
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2019-17671
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: WordPress.ORG
Affected software:
WordPress
WordPress
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists in the "WP_Query" due to improper access restrictions to private and draft posts. A remote unauthenticated attacker can use a method to view posts.
Example:
http://[host]/?static=1&order=asc
How to mitigate CVE-2019-17671
Install updates from vendor's website.
Sources
- https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
- https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
- https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
- https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/