Description

In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.

Remediation

References

CVE-2019-17671

Related Vulnerabilities

Ruby on Rails Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-8162)

WordPress Plugin Site Offline Or Coming Soon Or Maintenance Mode Cross-Site Request Forgery (1.4.3)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3832)

WordPress Plugin FormBuilder Cross-Site Scripting (0.90)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.4.22.1)

Severity

Medium

Classification

CVE-2019-17671 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities