CVE-2019-17671

MEDIUM NUCLEI LAB

WordPress < 5.2.4 - Information Disclosure

Title source: rule

Description

In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.

Exploits (2)

exploitdb WRITEUP
by Sebastian Neef · webapps · multiple
https://www.exploit-db.com/exploits/47690
nomisec SUSPICIOUS 2 stars
by rhbb · poc
https://github.com/rhbb/CVE-2019-17671

Nuclei Templates (1)

WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
MEDIUM VERIFIED by 0x_Akoko
Shodan: http.component:"wordpress" http.html:"status-draft"
FOFA: body="Wordpress" && body="status-draft"

Scores

CVSS v3 5.3
EPSS 0.6671
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Lab Environment

COMMUNITY
Community Lab
docker pull wordpress:5.2.3

Details

CWE
CWE-200
Status published
Products (4)
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
wordpress/wordpress < 5.2.4
Published Oct 17, 2019
Tracked Since Feb 18, 2026