CVE-2019-17675 — Cross-Site Request Forgery in Wordpress

CWE-352 — Cross-Site Request Forgery CWE-843 — Type Confusion9 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.9%

top 23.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress Debian Linux

Timeline

PublishedOct 17

Latest updateMay 24

Description

WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 5.2.4+dfsg1-1 (bookworm)

▶NVDwordpress/wordpress< 5.2.4

▶Debianwordpress/wordpress< 5.2.4+dfsg1-1+3

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

Patch: core.trac.wordpress.org ↗Patch: github.com ↗Patch: core.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-493w-chrv-wxpj: WordPress before 5↗2022-05-24

▶

OSV

CVE-2019-17675: WordPress before 5↗2019-10-17

▶

📋Vendor Advisories

Debian

CVE-2019-17675: wordpress - WordPress before 5.2.4 does not properly consider type confusion during validati...↗2019

▶

💬Community

HackerOne

Version problem in wordpress leads to the many vulnearability↗2020-01-10

▶

Bugzilla

CVE-2019-17675 wordpress: does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF [epel-6]↗2019-11-26

▶

Bugzilla

CVE-2019-17675 wordpress: does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF↗2019-11-26

▶

Bugzilla

CVE-2019-17675 wordpress: does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF [epel-7]↗2019-11-26

▶

Bugzilla

CVE-2019-17675 wordpress: does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF [fedora-all]↗2019-11-26

▶