CVE-2019-17671
published 2019-10-17CVE-2019-17671: In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
PriorityP351medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EXPLOIT
EPSS
36.50%
98.3th percentile
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | wordpress | < wordpress 5.2.4+dfsg1-1 (bookworm) | wordpress 5.2.4+dfsg1-1 (bookworm) |
| wordpress | wordpress | < 5.2.4 | 5.2.4 |
| wordpress | wordpress | >= 0 < 5.2.4+dfsg1-1 | 5.2.4+dfsg1-1 |
| wordpress | wordpress | >= 0 < 5.2.4+dfsg1-1 | 5.2.4+dfsg1-1 |
| wordpress | wordpress | >= 0 < 5.2.4+dfsg1-1 | 5.2.4+dfsg1-1 |
| wordpress | wordpress | >= 0 < 5.2.4+dfsg1-1 | 5.2.4+dfsg1-1 |
Detection & IOCsextracted from sources · hover to see the quote
sigma
WordPress ]*>[^<]{3,}'
- 'WordPress ([0-4]\.|5\.[0-2]\.|5\.2\.[0-3])'- →Look for HTTP requests containing the `?static=1` query parameter targeting WordPress URLs, which is the core trigger for this unauthenticated content disclosure vulnerability. ↗
- →Monitor for combined use of `?static=1` with manipulation parameters `order`, `orderby`, and `m` (date filter) in the same request, indicating active exploitation attempts. ↗
- →Flag WordPress installations running versions before 5.2.4 as vulnerable; version fingerprinting can confirm exposure. ↗
- ·The exploit affects WordPress versions before 5.2.4; patched versions resolve the static query property mishandling. Ensure the target is not already patched before acting on detections. ↗
- ·The upstream fix is tracked at a specific GitHub commit; detections based on version strings should use the range up to and including 5.2.3. ↗
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.3MEDIUM
vendor_debian5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q76h-h683-9cc8: In WordPress before 5
ghsa_unreviewed·2022-05-24
CVE-2019-17671 [MEDIUM] CWE-200 GHSA-q76h-h683-9cc8: In WordPress before 5
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
OSV
CVE-2019-17671: In WordPress before 5
osv·2019-10-17·CVSS 5.3
CVE-2019-17671 [MEDIUM] CVE-2019-17671: In WordPress before 5
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
Debian
CVE-2019-17671: wordpress - In WordPress before 5.2.4, unauthenticated viewing of certain content is possibl...
vendor_debian·2019·CVSS 5.3
CVE-2019-17671 [MEDIUM] CVE-2019-17671: wordpress - In WordPress before 5.2.4, unauthenticated viewing of certain content is possibl...
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
Scope: local
bookworm: resolved (fixed in 5.2.4+dfsg1-1)
bullseye: resolved (fixed in 5.2.4+dfsg1-1)
forky: resolved (fixed in 5.2.4+dfsg1-1)
sid: resolved (fixed in 5.2.4+dfsg1-1)
trixie: resolved (fixed in 5.2.4+dfsg1-1)
No detection rules found.
Exploit-DB
WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
exploitdb·2019-10-14
CVE-2019-17671 WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
---
So far we know that adding `?static=1` to a wordpress URL should leak its secret content
Here are a few ways to manipulate the returned entries:
- `order` with `asc` or `desc`
- `orderby`
- `m` with `m=YYYY`, `m=YYYYMM` or `m=YYYYMMDD` date format
In this case, simply reversing the order of the returned elements suffices and `http://wordpress.local/?static=1&order=asc` will show the secret content:
Nuclei
WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
nuclei·CVSS 5.3
CVE-2019-17671 [MEDIUM] WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
WordPress ]*>[^<]{3,}'
- 'WordPress ([0-4]\.|5\.[0-2]\.|5\.2\.[0-3])'
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100e221e2db2ea12f63525415f04ca681bf2a12fca626499caf2877026b54b7e91a02202f8dc1ae5e7f6966f3ed81ec76578ef22835a95b72d7f6d7de211839c146abd0:922c64590222798bb761d5b6d8e72950
HackerOne
Version problem in wordpress leads to the many vulnearability
hackerone·2020-01-10·CVSS 6.1
[MEDIUM] Version problem in wordpress leads to the many vulnearability
Version problem in wordpress leads to the many vulnearability
##Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/9230
Reference: https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
Reference: https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
Reference: https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
## Title: WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
Reference: https://wpvulndb.com/vulnerabilities/9867
Reference: https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
Reference: https://github.com/WordPress/WordPress/commit/30a
Bugzilla
CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled [fedora-all]
bugzilla·2019-11-19·CVSS 5.3
CVE-2019-17671 [MEDIUM] CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled [fedora-all]
CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commi
Bugzilla
CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled
bugzilla·2019-11-19·CVSS 5.3
CVE-2019-17671 [MEDIUM] CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled
CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
References:
https://wpvulndb.com/vulnerabilities/9909
https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
Upstream commit:
https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
Discussion:
Created wordpress tracking bugs for this issue:
Affects: epel-6 [bug 1774225]
Affects: epel-7 [bug 1774226]
Affects: fedora-all [bug 1774224]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package
Bugzilla
CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled [epel-6]
bugzilla·2019-11-19·CVSS 5.3
CVE-2019-17671 [MEDIUM] CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled [epel-6]
CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit messag
Bugzilla
CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled [epel-7]
bugzilla·2019-11-19·CVSS 5.3
CVE-2019-17671 [MEDIUM] CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled [epel-7]
CVE-2019-17671 wordpress: unauthenticated viewing of certain content is possible because the static query property is mishandled [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit messag
https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.htmlhttps://core.trac.wordpress.org/changeset/46474https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308https://lists.debian.org/debian-lts-announce/2019/11/msg00000.htmlhttps://seclists.org/bugtraq/2020/Jan/8https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/https://wpvulndb.com/vulnerabilities/9909https://www.debian.org/security/2020/dsa-4599https://www.debian.org/security/2020/dsa-4677https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.htmlhttps://core.trac.wordpress.org/changeset/46474https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308https://lists.debian.org/debian-lts-announce/2019/11/msg00000.htmlhttps://seclists.org/bugtraq/2020/Jan/8https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/https://wpvulndb.com/vulnerabilities/9909https://www.debian.org/security/2020/dsa-4599https://www.debian.org/security/2020/dsa-4677
2019-10-17
Published