whyisjake

5 exploits Active since Sep 2019
CVE-2019-17671 WRITEUP MEDIUM
WordPress < 5.2.4 - Unauthenticated Exposure of Sensitive Information via Static Query Property
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
CVSS 5.3
CVE-2019-16222 WRITEUP MEDIUM
WordPress < 5.2.3 - Cross-Site Scripting via URL Sanitization in wp_kses_bad_protocol_once
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
CVSS 6.1
CVE-2019-17669 WRITEUP CRITICAL
WordPress < 5.2.4 - Server-Side Request Forgery via Hex-Encoded URL
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
CVSS 9.8
CVE-2019-17673 WRITEUP HIGH
WordPress < 5.2.4 - Cache Poisoning via JSON GET Requests
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
CVSS 7.5
CVE-2019-17675 WRITEUP HIGH
WordPress < 5.2.4 - Cross-Site Request Forgery via Type Confusion in Admin Referer Validation
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
CVSS 8.8