WordPress <= 5.2.3 – Unauthenticated View Private/Draft Posts | CVE 2019-17671

Affects WordPress

3.8.1

Fixed in WordPress 3.8.31

3.8

Fixed in WordPress 3.8.31

3.7.1

Fixed in WordPress 3.7.31

3.9

Fixed in WordPress 3.9.29

3.9.1

Fixed in WordPress 3.9.29

3.7

Fixed in WordPress 3.7.31

3.8.2

Fixed in WordPress 3.8.31

3.8.3

Fixed in WordPress 3.8.31

3.9.2

Fixed in WordPress 3.9.29

4.0

Fixed in WordPress 4.0.28

4.1

Fixed in WordPress 4.1.28

4.1.1

Fixed in WordPress 4.1.28

4.2

Fixed in WordPress 4.2.25

3.9.3

Fixed in WordPress 3.9.29

4.1.2

Fixed in WordPress 4.1.28

4.2.1

Fixed in WordPress 4.2.25

4.0.1

Fixed in WordPress 4.0.28

4.1.5

Fixed in WordPress 4.1.28

4.1.4

Fixed in WordPress 4.1.28

4.1.3

Fixed in WordPress 4.1.28

3.8.4

Fixed in WordPress 3.8.31

3.7.4

Fixed in WordPress 3.7.31

4.2.3

Fixed in WordPress 4.2.25

3.8.8

Fixed in WordPress 3.8.31

3.8.5

Fixed in WordPress 3.8.31

3.8.6

Fixed in WordPress 3.8.31

3.8.7

Fixed in WordPress 3.8.31

3.7.2

Fixed in WordPress 3.7.31

3.7.3

Fixed in WordPress 3.7.31

3.7.5

Fixed in WordPress 3.7.31

3.7.6

Fixed in WordPress 3.7.31

3.7.7

Fixed in WordPress 3.7.31

3.7.8

Fixed in WordPress 3.7.31

3.7.9

Fixed in WordPress 3.7.31

3.8.9

Fixed in WordPress 3.8.31

3.9.4

Fixed in WordPress 3.9.29

3.9.5

Fixed in WordPress 3.9.29

3.9.6

Fixed in WordPress 3.9.29

3.9.7

Fixed in WordPress 3.9.29

4.0.2

Fixed in WordPress 4.0.28

4.0.3

Fixed in WordPress 4.0.28

4.0.4

Fixed in WordPress 4.0.28

4.0.5

Fixed in WordPress 4.0.28

4.0.6

Fixed in WordPress 4.0.28

4.1.6

Fixed in WordPress 4.1.28

4.2.2

Fixed in WordPress 4.2.25

4.2.4

Fixed in WordPress 4.2.25

4.1.7

Fixed in WordPress 4.1.28

4.0.7

Fixed in WordPress 4.0.28

3.9.8

Fixed in WordPress 3.9.29

3.8.10

Fixed in WordPress 3.8.31

3.7.10

Fixed in WordPress 3.7.31

4.3

Fixed in WordPress 4.3.21

4.3.1

Fixed in WordPress 4.3.21

4.2.5

Fixed in WordPress 4.2.25

4.1.8

Fixed in WordPress 4.1.28

4.0.8

Fixed in WordPress 4.0.28

3.9.9

Fixed in WordPress 3.9.29

3.8.11

Fixed in WordPress 3.8.31

3.7.11

Fixed in WordPress 3.7.31

4.4

Fixed in WordPress 4.4.20

3.7.12

Fixed in WordPress 3.7.31

3.8.12

Fixed in WordPress 3.8.31

3.9.10

Fixed in WordPress 3.9.29

4.0.9

Fixed in WordPress 4.0.28

4.1.9

Fixed in WordPress 4.1.28

4.2.6

Fixed in WordPress 4.2.25

4.3.2

Fixed in WordPress 4.3.21

4.4.1

Fixed in WordPress 4.4.20

4.4.2

Fixed in WordPress 4.4.20

4.3.3

Fixed in WordPress 4.3.21

4.2.7

Fixed in WordPress 4.2.25

4.1.10

Fixed in WordPress 4.1.28

4.0.10

Fixed in WordPress 4.0.28

3.9.11

Fixed in WordPress 3.9.29

3.8.13

Fixed in WordPress 3.8.31

3.7.13

Fixed in WordPress 3.7.31

4.5

Fixed in WordPress 4.5.19

4.5.1

Fixed in WordPress 4.5.19

3.7.14

Fixed in WordPress 3.7.31

3.8.14

Fixed in WordPress 3.8.31

3.9.12

Fixed in WordPress 3.9.29

4.0.11

Fixed in WordPress 4.0.28

4.1.11

Fixed in WordPress 4.1.28

4.2.8

Fixed in WordPress 4.2.25

4.3.4

Fixed in WordPress 4.3.21

4.4.3

Fixed in WordPress 4.4.20

4.5.2

Fixed in WordPress 4.5.19

4.5.3

Fixed in WordPress 4.5.19

3.7.15

Fixed in WordPress 3.7.31

3.8.15

Fixed in WordPress 3.8.31

3.9.13

Fixed in WordPress 3.9.29

4.0.12

Fixed in WordPress 4.0.28

4.1.12

Fixed in WordPress 4.1.28

4.2.9

Fixed in WordPress 4.2.25

4.3.5

Fixed in WordPress 4.3.21

4.4.4

Fixed in WordPress 4.4.20

4.6

Fixed in WordPress 4.6.16

3.7.16

Fixed in WordPress 3.7.31

3.8.16

Fixed in WordPress 3.8.31

3.9.14

Fixed in WordPress 3.9.29

4.0.13

Fixed in WordPress 4.0.28

4.1.13

Fixed in WordPress 4.1.28

4.2.10

Fixed in WordPress 4.2.25

4.3.6

Fixed in WordPress 4.3.21

4.4.5

Fixed in WordPress 4.4.20

4.5.4

Fixed in WordPress 4.5.19

4.6.1

Fixed in WordPress 4.6.16

4.7

Fixed in WordPress 4.7.15

3.7.17

Fixed in WordPress 3.7.31

3.8.17

Fixed in WordPress 3.8.31

3.9.15

Fixed in WordPress 3.9.29

4.0.14

Fixed in WordPress 4.0.28

4.1.14

Fixed in WordPress 4.1.28

4.2.11

Fixed in WordPress 4.2.25

4.3.7

Fixed in WordPress 4.3.21

4.4.6

Fixed in WordPress 4.4.20

4.5.5

Fixed in WordPress 4.5.19

4.7.1

Fixed in WordPress 4.7.15

4.6.2

Fixed in WordPress 4.6.16

3.7.18

Fixed in WordPress 3.7.31

3.8.18

Fixed in WordPress 3.8.31

3.9.16

Fixed in WordPress 3.9.29

4.0.15

Fixed in WordPress 4.0.28

4.1.15

Fixed in WordPress 4.1.28

4.2.12

Fixed in WordPress 4.2.25

4.3.8

Fixed in WordPress 4.3.21

4.4.7

Fixed in WordPress 4.4.20

4.5.6

Fixed in WordPress 4.5.19

4.6.3

Fixed in WordPress 4.6.16

4.7.2

Fixed in WordPress 4.7.15

3.7.19

Fixed in WordPress 3.7.31

3.8.19

Fixed in WordPress 3.8.31

3.9.17

Fixed in WordPress 3.9.29

4.0.16

Fixed in WordPress 4.0.28

4.1.16

Fixed in WordPress 4.1.28

4.2.13

Fixed in WordPress 4.2.25

4.3.9

Fixed in WordPress 4.3.21

4.4.8

Fixed in WordPress 4.4.20

4.5.7

Fixed in WordPress 4.5.19

4.6.4

Fixed in WordPress 4.6.16

4.7.3

Fixed in WordPress 4.7.15

3.7.20

Fixed in WordPress 3.7.31

3.8.20

Fixed in WordPress 3.8.31

3.9.18

Fixed in WordPress 3.9.29

4.0.17

Fixed in WordPress 4.0.28

4.1.17

Fixed in WordPress 4.1.28

4.2.14

Fixed in WordPress 4.2.25

4.3.10

Fixed in WordPress 4.3.21

4.4.9

Fixed in WordPress 4.4.20

4.5.8

Fixed in WordPress 4.5.19

4.6.5

Fixed in WordPress 4.6.16

4.7.4

Fixed in WordPress 4.7.15

4.7.5

Fixed in WordPress 4.7.15

3.7.21

Fixed in WordPress 3.7.31

3.8.21

Fixed in WordPress 3.8.31

3.9.19

Fixed in WordPress 3.9.29

4.0.18

Fixed in WordPress 4.0.28

4.1.18

Fixed in WordPress 4.1.28

4.2.15

Fixed in WordPress 4.2.25

4.3.11

Fixed in WordPress 4.3.21

4.4.10

Fixed in WordPress 4.4.20

4.5.9

Fixed in WordPress 4.5.19

4.6.6

Fixed in WordPress 4.6.16

4.8

Fixed in WordPress 4.8.11

4.8.1

Fixed in WordPress 4.8.11

3.7.22

Fixed in WordPress 3.7.31

3.8.22

Fixed in WordPress 3.8.31

3.9.20

Fixed in WordPress 3.9.29

4.0.19

Fixed in WordPress 4.0.28

4.1.19

Fixed in WordPress 4.1.28

4.2.16

Fixed in WordPress 4.2.25

4.3.12

Fixed in WordPress 4.3.21

4.4.11

Fixed in WordPress 4.4.20

4.5.10

Fixed in WordPress 4.5.19

4.6.7

Fixed in WordPress 4.6.16

4.7.6

Fixed in WordPress 4.7.15

4.8.2

Fixed in WordPress 4.8.11

4.8.3

Fixed in WordPress 4.8.11

3.7.23

Fixed in WordPress 3.7.31

3.8.23

Fixed in WordPress 3.8.31

3.9.21

Fixed in WordPress 3.9.29

4.0.20

Fixed in WordPress 4.0.28

4.1.20

Fixed in WordPress 4.1.28

4.2.17

Fixed in WordPress 4.2.25

4.3.13

Fixed in WordPress 4.3.21

4.4.12

Fixed in WordPress 4.4.20

4.5.11

Fixed in WordPress 4.5.19

4.6.8

Fixed in WordPress 4.6.16

4.7.7

Fixed in WordPress 4.7.15

4.9

Fixed in WordPress 4.9.12

4.9.1

Fixed in WordPress 4.9.12

4.8.4

Fixed in WordPress 4.8.11

4.7.8

Fixed in WordPress 4.7.15

4.6.9

Fixed in WordPress 4.6.16

4.5.12

Fixed in WordPress 4.5.19

4.4.13

Fixed in WordPress 4.4.20

4.3.14

Fixed in WordPress 4.3.21

4.2.18

Fixed in WordPress 4.2.25

4.1.21

Fixed in WordPress 4.1.28

4.0.21

Fixed in WordPress 4.0.28

3.9.22

Fixed in WordPress 3.9.29

3.8.24

Fixed in WordPress 3.8.31

3.7.24

Fixed in WordPress 3.7.31

4.9.2

Fixed in WordPress 4.9.12

4.8.5

Fixed in WordPress 4.8.11

4.7.9

Fixed in WordPress 4.7.15

4.6.10

Fixed in WordPress 4.6.16

4.5.13

Fixed in WordPress 4.5.19

4.4.14

Fixed in WordPress 4.4.20

4.3.15

Fixed in WordPress 4.3.21

4.2.19

Fixed in WordPress 4.2.25

4.1.22

Fixed in WordPress 4.1.28

4.0.22

Fixed in WordPress 4.0.28

3.9.23

Fixed in WordPress 3.9.29

3.8.25

Fixed in WordPress 3.8.31

3.7.25

Fixed in WordPress 3.7.31

4.9.3

Fixed in WordPress 4.9.12

4.9.4

Fixed in WordPress 4.9.12

3.7.26

Fixed in WordPress 3.7.31

3.8.26

Fixed in WordPress 3.8.31

3.9.24

Fixed in WordPress 3.9.29

4.0.23

Fixed in WordPress 4.0.28

4.1.23

Fixed in WordPress 4.1.28

4.2.20

Fixed in WordPress 4.2.25

4.3.16

Fixed in WordPress 4.3.21

4.4.15

Fixed in WordPress 4.4.20

4.5.14

Fixed in WordPress 4.5.19

4.6.11

Fixed in WordPress 4.6.16

4.7.10

Fixed in WordPress 4.7.15

4.8.6

Fixed in WordPress 4.8.11

4.9.5

Fixed in WordPress 4.9.12

4.9.6

Fixed in WordPress 4.9.12

3.7.27

Fixed in WordPress 3.7.31

3.8.27

Fixed in WordPress 3.8.31

3.9.25

Fixed in WordPress 3.9.29

4.0.24

Fixed in WordPress 4.0.28

4.1.24

Fixed in WordPress 4.1.28

4.2.21

Fixed in WordPress 4.2.25

4.3.17

Fixed in WordPress 4.3.21

4.4.16

Fixed in WordPress 4.4.20

4.5.15

Fixed in WordPress 4.5.19

4.6.12

Fixed in WordPress 4.6.16

4.7.11

Fixed in WordPress 4.7.15

4.8.7

Fixed in WordPress 4.8.11

4.9.7

Fixed in WordPress 4.9.12

4.9.8

Fixed in WordPress 4.9.12

5.0

Fixed in WordPress 5.0.7

5.0.1

Fixed in WordPress 5.0.7

4.9.9

Fixed in WordPress 4.9.12

4.8.8

Fixed in WordPress 4.8.11

4.7.12

Fixed in WordPress 4.7.15

4.6.13

Fixed in WordPress 4.6.16

4.5.16

Fixed in WordPress 4.5.19

4.4.17

Fixed in WordPress 4.4.20

4.3.18

Fixed in WordPress 4.3.21

4.2.22

Fixed in WordPress 4.2.25

4.1.25

Fixed in WordPress 4.1.28

4.0.25

Fixed in WordPress 4.0.28

3.9.26

Fixed in WordPress 3.9.29

3.8.28

Fixed in WordPress 3.8.31

3.7.28

Fixed in WordPress 3.7.31

5.0.2

Fixed in WordPress 5.0.7

5.0.3

Fixed in WordPress 5.0.7

5.1

Fixed in WordPress 5.1.3

5.1.1

Fixed in WordPress 5.1.3

5.0.4

Fixed in WordPress 5.0.7

4.9.10

Fixed in WordPress 4.9.12

4.8.9

Fixed in WordPress 4.8.11

4.7.13

Fixed in WordPress 4.7.15

4.6.14

Fixed in WordPress 4.6.16

4.5.17

Fixed in WordPress 4.5.19

4.4.18

Fixed in WordPress 4.4.20

4.3.19

Fixed in WordPress 4.3.21

4.2.23

Fixed in WordPress 4.2.25

4.1.26

Fixed in WordPress 4.1.28

4.0.26

Fixed in WordPress 4.0.28

3.9.27

Fixed in WordPress 3.9.29

3.8.29

Fixed in WordPress 3.8.31

3.7.29

Fixed in WordPress 3.7.31

5.2

Fixed in WordPress 5.2.4

5.2.1

Fixed in WordPress 5.2.4

5.2.2

Fixed in WordPress 5.2.4

5.2.3

Fixed in WordPress 5.2.4

5.1.2

Fixed in WordPress 5.1.3

5.0.6

Fixed in WordPress 5.0.7

4.9.11

Fixed in WordPress 4.9.12

4.8.10

Fixed in WordPress 4.8.11

4.7.14

Fixed in WordPress 4.7.15

4.6.15

Fixed in WordPress 4.6.16

4.5.18

Fixed in WordPress 4.5.19

4.4.19

Fixed in WordPress 4.4.20

4.3.20

Fixed in WordPress 4.3.21

4.2.24

Fixed in WordPress 4.2.25

4.1.27

Fixed in WordPress 4.1.28

4.0.27

Fixed in WordPress 4.0.28

3.9.28

Fixed in WordPress 3.9.29

3.8.30

Fixed in WordPress 3.8.31

3.7.30

Fixed in WordPress 3.7.31

References

CVE

CVE-2019-17671

URL

https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/

URL

https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html

URL

https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308

URL

https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/

Miscellaneous

Original Researcher

J.D. Grimes

Verified

WPVDB ID

3413b879-785f-4c9f-aa8a-5a4a1d5e0ba2

Timeline

Publicly Published

2019-10-14 (about 6 years ago)

Added

2019-10-15 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2015-07-13

Title

CP Image Store with Slideshow <= 1.0.6 - Purchase ID Brute Force Prevention

Published

2024-08-30

Title

Web Application Firewall < 2.1.3 - IP Address Spoofing to Protection Mechanism Bypass

Published

2025-01-21

Title

AdForest < 5.1.9 - Authentication Bypass

Published

2014-08-01

Title

WordPress 3.7.1 & 3.8.1 - Privilege Escalation

Published

2017-12-12

Title

Rating-Widget: Star Review System < 2.9.0 - Enable Debugging