Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2019-17671 — Sensitive Information Exposure in Wordpress
Severity
5.3MEDIUMNVD
EPSS
66.7%
top 1.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedOct 17
Latest updateMay 24
Description
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4
Affected Packages3 packages
Also affects: Debian Linux 10.0, 8.0, 9.0
Patches
🔴Vulnerability Details
2💥Exploits & PoCs
2Nuclei▶
WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
📋Vendor Advisories
1Debian▶
CVE-2019-17671: wordpress - In WordPress before 5.2.4, unauthenticated viewing of certain content is possibl...↗2019
💬Community
5Bugzilla▶
CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled [fedora-all]↗2019-11-19
Bugzilla▶
CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled↗2019-11-19
Bugzilla▶
CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled [epel-6]↗2019-11-19
Bugzilla▶
CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled [epel-7]↗2019-11-19