CVE-2019-17674 — Cross-site Scripting in Wordpress

CWE-79 — Cross-site Scripting9 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

2.5%

top 14.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress Debian Linux

Timeline

PublishedOct 17

Latest updateMay 24

Description

WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 5.2.4+dfsg1-1 (bookworm)

▶NVDwordpress/wordpress< 5.2.4

▶Debianwordpress/wordpress< 5.2.4+dfsg1-1+3

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-v3h4-mqmp-768j: WordPress before 5↗2022-05-24

▶

OSV

CVE-2019-17674: WordPress before 5↗2019-10-17

▶

📋Vendor Advisories

Debian

CVE-2019-17674: wordpress - WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via th...↗2019

▶

💬Community

HackerOne

Version problem in wordpress leads to the many vulnearability↗2020-01-10

▶

Bugzilla

CVE-2019-17674 wordpress: stored XSS via the Customizer [epel-6]↗2019-11-19

▶

Bugzilla

CVE-2019-17674 wordpress: stored XSS via the Customizer [epel-7]↗2019-11-19

▶

Bugzilla

CVE-2019-17674 wordpress: stored XSS via the Customizer [fedora-all]↗2019-11-19

▶

Bugzilla

CVE-2019-17674 wordpress: stored XSS via the Customizer↗2019-11-19

▶