WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WordPress <= 5.3 - Authenticated Improper Access Controls in REST API

Description

An unprivileged user could make a post sticky via the REST API. Authenticated users who do not have the rights to publish a post were able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that.

Affects WordPress

3.8.1
Fixed in version 3.8.32
3.8
Fixed in version 3.8.32
3.7.1
Fixed in version 3.7.32
3.9
Fixed in version 3.9.30
3.9.1
Fixed in version 3.9.30
3.7
Fixed in version 3.7.32
3.8.2
Fixed in version 3.8.32
3.8.3
Fixed in version 3.8.32
3.9.2
Fixed in version 3.9.30
4.0
Fixed in version 4.0.29

References

CVE
CVE-2019-20043
CVE
CVE-2019-16788
URL
https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
URL
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw

Classification

Type

PRIVESC

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269

Miscellaneous

Original Researcher

Daniel Bachhuber

Verified

No

WPVDB ID
4a6de154-5fbd-4c80-acd3-8902ee431bd8

Timeline

Publicly Published

2019-12-13 (about 2 years ago)

Added

2019-12-13 (about 2 years ago)

Last Updated

2020-12-15 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin