WordPress <= 5.2.3 – Unauthenticated View Private/Draft Posts | CVE 2019-17671

Affects WordPress

3.8.1

Fixed in WordPress 3.8.31

3.8

Fixed in WordPress 3.8.31

3.7.1

Fixed in WordPress 3.7.31

3.9

Fixed in WordPress 3.9.29

3.9.1

Fixed in WordPress 3.9.29

3.7

Fixed in WordPress 3.7.31

3.8.2

Fixed in WordPress 3.8.31

3.8.3

Fixed in WordPress 3.8.31

3.9.2

Fixed in WordPress 3.9.29

4.0

Fixed in WordPress 4.0.28

4.1

Fixed in WordPress 4.1.28

4.1.1

Fixed in WordPress 4.1.28

4.2

Fixed in WordPress 4.2.25

3.9.3

Fixed in WordPress 3.9.29

4.1.2

Fixed in WordPress 4.1.28

4.2.1

Fixed in WordPress 4.2.25

4.0.1

Fixed in WordPress 4.0.28

4.1.5

Fixed in WordPress 4.1.28

4.1.4

Fixed in WordPress 4.1.28

4.1.3

Fixed in WordPress 4.1.28

3.8.4

Fixed in WordPress 3.8.31

3.7.4

Fixed in WordPress 3.7.31

4.2.3

Fixed in WordPress 4.2.25

3.8.8

Fixed in WordPress 3.8.31

3.8.5

Fixed in WordPress 3.8.31

3.8.6

Fixed in WordPress 3.8.31

3.8.7

Fixed in WordPress 3.8.31

3.7.2

Fixed in WordPress 3.7.31

3.7.3

Fixed in WordPress 3.7.31

3.7.5

Fixed in WordPress 3.7.31

3.7.6

Fixed in WordPress 3.7.31

3.7.7

Fixed in WordPress 3.7.31

3.7.8

Fixed in WordPress 3.7.31

3.7.9

Fixed in WordPress 3.7.31

3.8.9

Fixed in WordPress 3.8.31

3.9.4

Fixed in WordPress 3.9.29

3.9.5

Fixed in WordPress 3.9.29

3.9.6

Fixed in WordPress 3.9.29

3.9.7

Fixed in WordPress 3.9.29

4.0.2

Fixed in WordPress 4.0.28

4.0.3

Fixed in WordPress 4.0.28

4.0.4

Fixed in WordPress 4.0.28

4.0.5

Fixed in WordPress 4.0.28

4.0.6

Fixed in WordPress 4.0.28

4.1.6

Fixed in WordPress 4.1.28

4.2.2

Fixed in WordPress 4.2.25

4.2.4

Fixed in WordPress 4.2.25

4.1.7

Fixed in WordPress 4.1.28

4.0.7

Fixed in WordPress 4.0.28

3.9.8

Fixed in WordPress 3.9.29

3.8.10

Fixed in WordPress 3.8.31

3.7.10

Fixed in WordPress 3.7.31

4.3

Fixed in WordPress 4.3.21

4.3.1

Fixed in WordPress 4.3.21

4.2.5

Fixed in WordPress 4.2.25

4.1.8

Fixed in WordPress 4.1.28

4.0.8

Fixed in WordPress 4.0.28

3.9.9

Fixed in WordPress 3.9.29

3.8.11

Fixed in WordPress 3.8.31

3.7.11

Fixed in WordPress 3.7.31

4.4

Fixed in WordPress 4.4.20

3.7.12

Fixed in WordPress 3.7.31

3.8.12

Fixed in WordPress 3.8.31

3.9.10

Fixed in WordPress 3.9.29

4.0.9

Fixed in WordPress 4.0.28

4.1.9

Fixed in WordPress 4.1.28

4.2.6

Fixed in WordPress 4.2.25

4.3.2

Fixed in WordPress 4.3.21

4.4.1

Fixed in WordPress 4.4.20

4.4.2

Fixed in WordPress 4.4.20

4.3.3

Fixed in WordPress 4.3.21

4.2.7

Fixed in WordPress 4.2.25

4.1.10

Fixed in WordPress 4.1.28

4.0.10

Fixed in WordPress 4.0.28

3.9.11

Fixed in WordPress 3.9.29

3.8.13

Fixed in WordPress 3.8.31

3.7.13

Fixed in WordPress 3.7.31

4.5

Fixed in WordPress 4.5.19

4.5.1

Fixed in WordPress 4.5.19

3.7.14

Fixed in WordPress 3.7.31

3.8.14

Fixed in WordPress 3.8.31

3.9.12

Fixed in WordPress 3.9.29

4.0.11

Fixed in WordPress 4.0.28

4.1.11

Fixed in WordPress 4.1.28

4.2.8

Fixed in WordPress 4.2.25

4.3.4

Fixed in WordPress 4.3.21

4.4.3

Fixed in WordPress 4.4.20

4.5.2

Fixed in WordPress 4.5.19

4.5.3

Fixed in WordPress 4.5.19

3.7.15

Fixed in WordPress 3.7.31

3.8.15

Fixed in WordPress 3.8.31

3.9.13

Fixed in WordPress 3.9.29

4.0.12

Fixed in WordPress 4.0.28

4.1.12

Fixed in WordPress 4.1.28

4.2.9

Fixed in WordPress 4.2.25

4.3.5

Fixed in WordPress 4.3.21

4.4.4

Fixed in WordPress 4.4.20

4.6

Fixed in WordPress 4.6.16

3.7.16

Fixed in WordPress 3.7.31

3.8.16

Fixed in WordPress 3.8.31

3.9.14

Fixed in WordPress 3.9.29

4.0.13

Fixed in WordPress 4.0.28

4.1.13

Fixed in WordPress 4.1.28

4.2.10

Fixed in WordPress 4.2.25

4.3.6

Fixed in WordPress 4.3.21

4.4.5

Fixed in WordPress 4.4.20

4.5.4

Fixed in WordPress 4.5.19

4.6.1

Fixed in WordPress 4.6.16

4.7

Fixed in WordPress 4.7.15

3.7.17

Fixed in WordPress 3.7.31

3.8.17

Fixed in WordPress 3.8.31

3.9.15

Fixed in WordPress 3.9.29

4.0.14

Fixed in WordPress 4.0.28

4.1.14

Fixed in WordPress 4.1.28

4.2.11

Fixed in WordPress 4.2.25

4.3.7

Fixed in WordPress 4.3.21

4.4.6

Fixed in WordPress 4.4.20

4.5.5

Fixed in WordPress 4.5.19

4.7.1

Fixed in WordPress 4.7.15

4.6.2

Fixed in WordPress 4.6.16

3.7.18

Fixed in WordPress 3.7.31

3.8.18

Fixed in WordPress 3.8.31

3.9.16

Fixed in WordPress 3.9.29

4.0.15

Fixed in WordPress 4.0.28

4.1.15

Fixed in WordPress 4.1.28

4.2.12

Fixed in WordPress 4.2.25

4.3.8

Fixed in WordPress 4.3.21

4.4.7

Fixed in WordPress 4.4.20

4.5.6

Fixed in WordPress 4.5.19

4.6.3

Fixed in WordPress 4.6.16

4.7.2

Fixed in WordPress 4.7.15

3.7.19

Fixed in WordPress 3.7.31

3.8.19

Fixed in WordPress 3.8.31

3.9.17

Fixed in WordPress 3.9.29

4.0.16

Fixed in WordPress 4.0.28

4.1.16

Fixed in WordPress 4.1.28

4.2.13

Fixed in WordPress 4.2.25

4.3.9

Fixed in WordPress 4.3.21

4.4.8

Fixed in WordPress 4.4.20

4.5.7

Fixed in WordPress 4.5.19

4.6.4

Fixed in WordPress 4.6.16

4.7.3

Fixed in WordPress 4.7.15

3.7.20

Fixed in WordPress 3.7.31

3.8.20

Fixed in WordPress 3.8.31

3.9.18

Fixed in WordPress 3.9.29

4.0.17

Fixed in WordPress 4.0.28

4.1.17

Fixed in WordPress 4.1.28

4.2.14

Fixed in WordPress 4.2.25

4.3.10

Fixed in WordPress 4.3.21

4.4.9

Fixed in WordPress 4.4.20

4.5.8

Fixed in WordPress 4.5.19

4.6.5

Fixed in WordPress 4.6.16

4.7.4

Fixed in WordPress 4.7.15

4.7.5

Fixed in WordPress 4.7.15

3.7.21

Fixed in WordPress 3.7.31

3.8.21

Fixed in WordPress 3.8.31

3.9.19

Fixed in WordPress 3.9.29

4.0.18

Fixed in WordPress 4.0.28

4.1.18

Fixed in WordPress 4.1.28

4.2.15

Fixed in WordPress 4.2.25

4.3.11

Fixed in WordPress 4.3.21

4.4.10

Fixed in WordPress 4.4.20

4.5.9

Fixed in WordPress 4.5.19

4.6.6

Fixed in WordPress 4.6.16

4.8

Fixed in WordPress 4.8.11

4.8.1

Fixed in WordPress 4.8.11

3.7.22

Fixed in WordPress 3.7.31

3.8.22

Fixed in WordPress 3.8.31

3.9.20

Fixed in WordPress 3.9.29

4.0.19

Fixed in WordPress 4.0.28

4.1.19

Fixed in WordPress 4.1.28

4.2.16

Fixed in WordPress 4.2.25

4.3.12

Fixed in WordPress 4.3.21

4.4.11

Fixed in WordPress 4.4.20

4.5.10

Fixed in WordPress 4.5.19

4.6.7

Fixed in WordPress 4.6.16

4.7.6

Fixed in WordPress 4.7.15

4.8.2

Fixed in WordPress 4.8.11

4.8.3

Fixed in WordPress 4.8.11

3.7.23

Fixed in WordPress 3.7.31

3.8.23

Fixed in WordPress 3.8.31

3.9.21

Fixed in WordPress 3.9.29

4.0.20

Fixed in WordPress 4.0.28

4.1.20

Fixed in WordPress 4.1.28

4.2.17

Fixed in WordPress 4.2.25

4.3.13

Fixed in WordPress 4.3.21

4.4.12

Fixed in WordPress 4.4.20

4.5.11

Fixed in WordPress 4.5.19

4.6.8

Fixed in WordPress 4.6.16

4.7.7

Fixed in WordPress 4.7.15

4.9

Fixed in WordPress 4.9.12

4.9.1

Fixed in WordPress 4.9.12

4.8.4

Fixed in WordPress 4.8.11

4.7.8

Fixed in WordPress 4.7.15

4.6.9

Fixed in WordPress 4.6.16

4.5.12

Fixed in WordPress 4.5.19

4.4.13

Fixed in WordPress 4.4.20

4.3.14

Fixed in WordPress 4.3.21

4.2.18

Fixed in WordPress 4.2.25

4.1.21

Fixed in WordPress 4.1.28

4.0.21

Fixed in WordPress 4.0.28

3.9.22

Fixed in WordPress 3.9.29

3.8.24

Fixed in WordPress 3.8.31

3.7.24

Fixed in WordPress 3.7.31

4.9.2

Fixed in WordPress 4.9.12

4.8.5

Fixed in WordPress 4.8.11

4.7.9

Fixed in WordPress 4.7.15

4.6.10

Fixed in WordPress 4.6.16

4.5.13

Fixed in WordPress 4.5.19

4.4.14

Fixed in WordPress 4.4.20

4.3.15

Fixed in WordPress 4.3.21

4.2.19

Fixed in WordPress 4.2.25

4.1.22

Fixed in WordPress 4.1.28

4.0.22

Fixed in WordPress 4.0.28

3.9.23

Fixed in WordPress 3.9.29

3.8.25

Fixed in WordPress 3.8.31

3.7.25

Fixed in WordPress 3.7.31

4.9.3

Fixed in WordPress 4.9.12

4.9.4

Fixed in WordPress 4.9.12

3.7.26

Fixed in WordPress 3.7.31

3.8.26

Fixed in WordPress 3.8.31

3.9.24

Fixed in WordPress 3.9.29

4.0.23

Fixed in WordPress 4.0.28

4.1.23

Fixed in WordPress 4.1.28

4.2.20

Fixed in WordPress 4.2.25

4.3.16

Fixed in WordPress 4.3.21

4.4.15

Fixed in WordPress 4.4.20

4.5.14

Fixed in WordPress 4.5.19

4.6.11

Fixed in WordPress 4.6.16

4.7.10

Fixed in WordPress 4.7.15

4.8.6

Fixed in WordPress 4.8.11

4.9.5

Fixed in WordPress 4.9.12

4.9.6

Fixed in WordPress 4.9.12

3.7.27

Fixed in WordPress 3.7.31

3.8.27

Fixed in WordPress 3.8.31

3.9.25

Fixed in WordPress 3.9.29

4.0.24

Fixed in WordPress 4.0.28

4.1.24

Fixed in WordPress 4.1.28

4.2.21

Fixed in WordPress 4.2.25

4.3.17

Fixed in WordPress 4.3.21

4.4.16

Fixed in WordPress 4.4.20

4.5.15

Fixed in WordPress 4.5.19

4.6.12

Fixed in WordPress 4.6.16

4.7.11

Fixed in WordPress 4.7.15

4.8.7

Fixed in WordPress 4.8.11

4.9.7

Fixed in WordPress 4.9.12

4.9.8

Fixed in WordPress 4.9.12

5.0

Fixed in WordPress 5.0.7

5.0.1

Fixed in WordPress 5.0.7

4.9.9

Fixed in WordPress 4.9.12

4.8.8

Fixed in WordPress 4.8.11

4.7.12

Fixed in WordPress 4.7.15

4.6.13

Fixed in WordPress 4.6.16

4.5.16

Fixed in WordPress 4.5.19

4.4.17

Fixed in WordPress 4.4.20

4.3.18

Fixed in WordPress 4.3.21

4.2.22

Fixed in WordPress 4.2.25

4.1.25

Fixed in WordPress 4.1.28

4.0.25

Fixed in WordPress 4.0.28

3.9.26

Fixed in WordPress 3.9.29

3.8.28

Fixed in WordPress 3.8.31

3.7.28

Fixed in WordPress 3.7.31

5.0.2

Fixed in WordPress 5.0.7

5.0.3

Fixed in WordPress 5.0.7

5.1

Fixed in WordPress 5.1.3

5.1.1

Fixed in WordPress 5.1.3

5.0.4

Fixed in WordPress 5.0.7

4.9.10

Fixed in WordPress 4.9.12

4.8.9

Fixed in WordPress 4.8.11

4.7.13

Fixed in WordPress 4.7.15

4.6.14

Fixed in WordPress 4.6.16

4.5.17

Fixed in WordPress 4.5.19

4.4.18

Fixed in WordPress 4.4.20

4.3.19

Fixed in WordPress 4.3.21

4.2.23

Fixed in WordPress 4.2.25

4.1.26

Fixed in WordPress 4.1.28

4.0.26

Fixed in WordPress 4.0.28

3.9.27

Fixed in WordPress 3.9.29

3.8.29

Fixed in WordPress 3.8.31

3.7.29

Fixed in WordPress 3.7.31

5.2

Fixed in WordPress 5.2.4

5.2.1

Fixed in WordPress 5.2.4

5.2.2

Fixed in WordPress 5.2.4

5.2.3

Fixed in WordPress 5.2.4

5.1.2

Fixed in WordPress 5.1.3

5.0.6

Fixed in WordPress 5.0.7

4.9.11

Fixed in WordPress 4.9.12

4.8.10

Fixed in WordPress 4.8.11

4.7.14

Fixed in WordPress 4.7.15

4.6.15

Fixed in WordPress 4.6.16

4.5.18

Fixed in WordPress 4.5.19

4.4.19

Fixed in WordPress 4.4.20

4.3.20

Fixed in WordPress 4.3.21

4.2.24

Fixed in WordPress 4.2.25

4.1.27

Fixed in WordPress 4.1.28

4.0.27

Fixed in WordPress 4.0.28

3.9.28

Fixed in WordPress 3.9.29

3.8.30

Fixed in WordPress 3.8.31

3.7.30

Fixed in WordPress 3.7.31

References

CVE

CVE-2019-17671

URL

https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/

URL

https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html

URL

https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308

URL

https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/

Miscellaneous

Original Researcher

J.D. Grimes

Verified

WPVDB ID

3413b879-785f-4c9f-aa8a-5a4a1d5e0ba2

Timeline

Publicly Published

2019-10-14 (about 4 years ago)

Added

2019-10-15 (about 4 years ago)

Last Updated

2020-09-22 (about 3 years ago)

Other

Published

Title

Published

2024-03-29

Title

VS Contact Form < 14.8 - CAPTCHA Bypass

Published

2015-03-08

Title

Download Monitor < 1.6.4 - Authenticated Directory Listing

Published

2015-04-05

Title

WordPress Video Gallery <= 2.8 - Unprotected Mail Page

Published

2017-05-16

Title

WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks

Published

2019-02-02

Title

Meta Box < 4.16.3 - Unauthorised File Deletion