WordPress <= 5.2.3 – JSON Request Cache Poisoning | CVE 2019-17673

Affects WordPress

3.8.1

Fixed in WordPress 3.8.31

3.8

Fixed in WordPress 3.8.31

3.7.1

Fixed in WordPress 3.7.31

3.9

Fixed in WordPress 3.9.29

3.9.1

Fixed in WordPress 3.9.29

3.7

Fixed in WordPress 3.7.31

3.8.2

Fixed in WordPress 3.8.31

3.8.3

Fixed in WordPress 3.8.31

3.9.2

Fixed in WordPress 3.9.29

4.0

Fixed in WordPress 4.0.28

4.1

Fixed in WordPress 4.1.28

4.1.1

Fixed in WordPress 4.1.28

4.2

Fixed in WordPress 4.2.25

3.9.3

Fixed in WordPress 3.9.29

4.1.2

Fixed in WordPress 4.1.28

4.2.1

Fixed in WordPress 4.2.25

4.0.1

Fixed in WordPress 4.0.28

4.1.5

Fixed in WordPress 4.1.28

4.1.4

Fixed in WordPress 4.1.28

4.1.3

Fixed in WordPress 4.1.28

3.8.4

Fixed in WordPress 3.8.31

3.7.4

Fixed in WordPress 3.7.31

4.2.3

Fixed in WordPress 4.2.25

3.8.8

Fixed in WordPress 3.8.31

3.8.5

Fixed in WordPress 3.8.31

3.8.6

Fixed in WordPress 3.8.31

3.8.7

Fixed in WordPress 3.8.31

3.7.2

Fixed in WordPress 3.7.31

3.7.3

Fixed in WordPress 3.7.31

3.7.5

Fixed in WordPress 3.7.31

3.7.6

Fixed in WordPress 3.7.31

3.7.7

Fixed in WordPress 3.7.31

3.7.8

Fixed in WordPress 3.7.31

3.7.9

Fixed in WordPress 3.7.31

3.8.9

Fixed in WordPress 3.8.31

3.9.4

Fixed in WordPress 3.9.29

3.9.5

Fixed in WordPress 3.9.29

3.9.6

Fixed in WordPress 3.9.29

3.9.7

Fixed in WordPress 3.9.29

4.0.2

Fixed in WordPress 4.0.28

4.0.3

Fixed in WordPress 4.0.28

4.0.4

Fixed in WordPress 4.0.28

4.0.5

Fixed in WordPress 4.0.28

4.0.6

Fixed in WordPress 4.0.28

4.1.6

Fixed in WordPress 4.1.28

4.2.2

Fixed in WordPress 4.2.25

4.2.4

Fixed in WordPress 4.2.25

4.1.7

Fixed in WordPress 4.1.28

4.0.7

Fixed in WordPress 4.0.28

3.9.8

Fixed in WordPress 3.9.29

3.8.10

Fixed in WordPress 3.8.31

3.7.10

Fixed in WordPress 3.7.31

4.3

Fixed in WordPress 4.3.21

4.3.1

Fixed in WordPress 4.3.21

4.2.5

Fixed in WordPress 4.2.25

4.1.8

Fixed in WordPress 4.1.28

4.0.8

Fixed in WordPress 4.0.28

3.9.9

Fixed in WordPress 3.9.29

3.8.11

Fixed in WordPress 3.8.31

3.7.11

Fixed in WordPress 3.7.31

4.4

Fixed in WordPress 4.4.20

3.7.12

Fixed in WordPress 3.7.31

3.8.12

Fixed in WordPress 3.8.31

3.9.10

Fixed in WordPress 3.9.29

4.0.9

Fixed in WordPress 4.0.28

4.1.9

Fixed in WordPress 4.1.28

4.2.6

Fixed in WordPress 4.2.25

4.3.2

Fixed in WordPress 4.3.21

4.4.1

Fixed in WordPress 4.4.20

4.4.2

Fixed in WordPress 4.4.20

4.3.3

Fixed in WordPress 4.3.21

4.2.7

Fixed in WordPress 4.2.25

4.1.10

Fixed in WordPress 4.1.28

4.0.10

Fixed in WordPress 4.0.28

3.9.11

Fixed in WordPress 3.9.29

3.8.13

Fixed in WordPress 3.8.31

3.7.13

Fixed in WordPress 3.7.31

4.5

Fixed in WordPress 4.5.19

4.5.1

Fixed in WordPress 4.5.19

3.7.14

Fixed in WordPress 3.7.31

3.8.14

Fixed in WordPress 3.8.31

3.9.12

Fixed in WordPress 3.9.29

4.0.11

Fixed in WordPress 4.0.28

4.1.11

Fixed in WordPress 4.1.28

4.2.8

Fixed in WordPress 4.2.25

4.3.4

Fixed in WordPress 4.3.21

4.4.3

Fixed in WordPress 4.4.20

4.5.2

Fixed in WordPress 4.5.19

4.5.3

Fixed in WordPress 4.5.19

3.7.15

Fixed in WordPress 3.7.31

3.8.15

Fixed in WordPress 3.8.31

3.9.13

Fixed in WordPress 3.9.29

4.0.12

Fixed in WordPress 4.0.28

4.1.12

Fixed in WordPress 4.1.28

4.2.9

Fixed in WordPress 4.2.25

4.3.5

Fixed in WordPress 4.3.21

4.4.4

Fixed in WordPress 4.4.20

4.6

Fixed in WordPress 4.6.16

3.7.16

Fixed in WordPress 3.7.31

3.8.16

Fixed in WordPress 3.8.31

3.9.14

Fixed in WordPress 3.9.29

4.0.13

Fixed in WordPress 4.0.28

4.1.13

Fixed in WordPress 4.1.28

4.2.10

Fixed in WordPress 4.2.25

4.3.6

Fixed in WordPress 4.3.21

4.4.5

Fixed in WordPress 4.4.20

4.5.4

Fixed in WordPress 4.5.19

4.6.1

Fixed in WordPress 4.6.16

4.7

Fixed in WordPress 4.7.15

3.7.17

Fixed in WordPress 3.7.31

3.8.17

Fixed in WordPress 3.8.31

3.9.15

Fixed in WordPress 3.9.29

4.0.14

Fixed in WordPress 4.0.28

4.1.14

Fixed in WordPress 4.1.28

4.2.11

Fixed in WordPress 4.2.25

4.3.7

Fixed in WordPress 4.3.21

4.4.6

Fixed in WordPress 4.4.20

4.5.5

Fixed in WordPress 4.5.19

4.7.1

Fixed in WordPress 4.7.15

4.6.2

Fixed in WordPress 4.6.16

3.7.18

Fixed in WordPress 3.7.31

3.8.18

Fixed in WordPress 3.8.31

3.9.16

Fixed in WordPress 3.9.29

4.0.15

Fixed in WordPress 4.0.28

4.1.15

Fixed in WordPress 4.1.28

4.2.12

Fixed in WordPress 4.2.25

4.3.8

Fixed in WordPress 4.3.21

4.4.7

Fixed in WordPress 4.4.20

4.5.6

Fixed in WordPress 4.5.19

4.6.3

Fixed in WordPress 4.6.16

4.7.2

Fixed in WordPress 4.7.15

3.7.19

Fixed in WordPress 3.7.31

3.8.19

Fixed in WordPress 3.8.31

3.9.17

Fixed in WordPress 3.9.29

4.0.16

Fixed in WordPress 4.0.28

4.1.16

Fixed in WordPress 4.1.28

4.2.13

Fixed in WordPress 4.2.25

4.3.9

Fixed in WordPress 4.3.21

4.4.8

Fixed in WordPress 4.4.20

4.5.7

Fixed in WordPress 4.5.19

4.6.4

Fixed in WordPress 4.6.16

4.7.3

Fixed in WordPress 4.7.15

3.7.20

Fixed in WordPress 3.7.31

3.8.20

Fixed in WordPress 3.8.31

3.9.18

Fixed in WordPress 3.9.29

4.0.17

Fixed in WordPress 4.0.28

4.1.17

Fixed in WordPress 4.1.28

4.2.14

Fixed in WordPress 4.2.25

4.3.10

Fixed in WordPress 4.3.21

4.4.9

Fixed in WordPress 4.4.20

4.5.8

Fixed in WordPress 4.5.19

4.6.5

Fixed in WordPress 4.6.16

4.7.4

Fixed in WordPress 4.7.15

4.7.5

Fixed in WordPress 4.7.15

3.7.21

Fixed in WordPress 3.7.31

3.8.21

Fixed in WordPress 3.8.31

3.9.19

Fixed in WordPress 3.9.29

4.0.18

Fixed in WordPress 4.0.28

4.1.18

Fixed in WordPress 4.1.28

4.2.15

Fixed in WordPress 4.2.25

4.3.11

Fixed in WordPress 4.3.21

4.4.10

Fixed in WordPress 4.4.20

4.5.9

Fixed in WordPress 4.5.19

4.6.6

Fixed in WordPress 4.6.16

4.8

Fixed in WordPress 4.8.11

4.8.1

Fixed in WordPress 4.8.11

3.7.22

Fixed in WordPress 3.7.31

3.8.22

Fixed in WordPress 3.8.31

3.9.20

Fixed in WordPress 3.9.29

4.0.19

Fixed in WordPress 4.0.28

4.1.19

Fixed in WordPress 4.1.28

4.2.16

Fixed in WordPress 4.2.25

4.3.12

Fixed in WordPress 4.3.21

4.4.11

Fixed in WordPress 4.4.20

4.5.10

Fixed in WordPress 4.5.19

4.6.7

Fixed in WordPress 4.6.16

4.7.6

Fixed in WordPress 4.7.15

4.8.2

Fixed in WordPress 4.8.11

4.8.3

Fixed in WordPress 4.8.11

3.7.23

Fixed in WordPress 3.7.31

3.8.23

Fixed in WordPress 3.8.31

3.9.21

Fixed in WordPress 3.9.29

4.0.20

Fixed in WordPress 4.0.28

4.1.20

Fixed in WordPress 4.1.28

4.2.17

Fixed in WordPress 4.2.25

4.3.13

Fixed in WordPress 4.3.21

4.4.12

Fixed in WordPress 4.4.20

4.5.11

Fixed in WordPress 4.5.19

4.6.8

Fixed in WordPress 4.6.16

4.7.7

Fixed in WordPress 4.7.15

4.9

Fixed in WordPress 4.9.12

4.9.1

Fixed in WordPress 4.9.12

4.8.4

Fixed in WordPress 4.8.11

4.7.8

Fixed in WordPress 4.7.15

4.6.9

Fixed in WordPress 4.6.16

4.5.12

Fixed in WordPress 4.5.19

4.4.13

Fixed in WordPress 4.4.20

4.3.14

Fixed in WordPress 4.3.21

4.2.18

Fixed in WordPress 4.2.25

4.1.21

Fixed in WordPress 4.1.28

4.0.21

Fixed in WordPress 4.0.28

3.9.22

Fixed in WordPress 3.9.29

3.8.24

Fixed in WordPress 3.8.31

3.7.24

Fixed in WordPress 3.7.31

4.9.2

Fixed in WordPress 4.9.12

4.8.5

Fixed in WordPress 4.8.11

4.7.9

Fixed in WordPress 4.7.15

4.6.10

Fixed in WordPress 4.6.16

4.5.13

Fixed in WordPress 4.5.19

4.4.14

Fixed in WordPress 4.4.20

4.3.15

Fixed in WordPress 4.3.21

4.2.19

Fixed in WordPress 4.2.25

4.1.22

Fixed in WordPress 4.1.28

4.0.22

Fixed in WordPress 4.0.28

3.9.23

Fixed in WordPress 3.9.29

3.8.25

Fixed in WordPress 3.8.31

3.7.25

Fixed in WordPress 3.7.31

4.9.3

Fixed in WordPress 4.9.12

4.9.4

Fixed in WordPress 4.9.12

3.7.26

Fixed in WordPress 3.7.31

3.8.26

Fixed in WordPress 3.8.31

3.9.24

Fixed in WordPress 3.9.29

4.0.23

Fixed in WordPress 4.0.28

4.1.23

Fixed in WordPress 4.1.28

4.2.20

Fixed in WordPress 4.2.25

4.3.16

Fixed in WordPress 4.3.21

4.4.15

Fixed in WordPress 4.4.20

4.5.14

Fixed in WordPress 4.5.19

4.6.11

Fixed in WordPress 4.6.16

4.7.10

Fixed in WordPress 4.7.15

4.8.6

Fixed in WordPress 4.8.11

4.9.5

Fixed in WordPress 4.9.12

4.9.6

Fixed in WordPress 4.9.12

3.7.27

Fixed in WordPress 3.7.31

3.8.27

Fixed in WordPress 3.8.31

3.9.25

Fixed in WordPress 3.9.29

4.0.24

Fixed in WordPress 4.0.28

4.1.24

Fixed in WordPress 4.1.28

4.2.21

Fixed in WordPress 4.2.25

4.3.17

Fixed in WordPress 4.3.21

4.4.16

Fixed in WordPress 4.4.20

4.5.15

Fixed in WordPress 4.5.19

4.6.12

Fixed in WordPress 4.6.16

4.7.11

Fixed in WordPress 4.7.15

4.8.7

Fixed in WordPress 4.8.11

4.9.7

Fixed in WordPress 4.9.12

4.9.8

Fixed in WordPress 4.9.12

5.0

Fixed in WordPress 5.0.7

5.0.1

Fixed in WordPress 5.0.7

4.9.9

Fixed in WordPress 4.9.12

4.8.8

Fixed in WordPress 4.8.11

4.7.12

Fixed in WordPress 4.7.15

4.6.13

Fixed in WordPress 4.6.16

4.5.16

Fixed in WordPress 4.5.19

4.4.17

Fixed in WordPress 4.4.20

4.3.18

Fixed in WordPress 4.3.21

4.2.22

Fixed in WordPress 4.2.25

4.1.25

Fixed in WordPress 4.1.28

4.0.25

Fixed in WordPress 4.0.28

3.9.26

Fixed in WordPress 3.9.29

3.8.28

Fixed in WordPress 3.8.31

3.7.28

Fixed in WordPress 3.7.31

5.0.2

Fixed in WordPress 5.0.7

5.0.3

Fixed in WordPress 5.0.7

5.1

Fixed in WordPress 5.1.3

5.1.1

Fixed in WordPress 5.1.3

5.0.4

Fixed in WordPress 5.0.7

4.9.10

Fixed in WordPress 4.9.12

4.8.9

Fixed in WordPress 4.8.11

4.7.13

Fixed in WordPress 4.7.15

4.6.14

Fixed in WordPress 4.6.16

4.5.17

Fixed in WordPress 4.5.19

4.4.18

Fixed in WordPress 4.4.20

4.3.19

Fixed in WordPress 4.3.21

4.2.23

Fixed in WordPress 4.2.25

4.1.26

Fixed in WordPress 4.1.28

4.0.26

Fixed in WordPress 4.0.28

3.9.27

Fixed in WordPress 3.9.29

3.8.29

Fixed in WordPress 3.8.31

3.7.29

Fixed in WordPress 3.7.31

5.2

Fixed in WordPress 5.2.4

5.2.1

Fixed in WordPress 5.2.4

5.2.2

Fixed in WordPress 5.2.4

5.2.3

Fixed in WordPress 5.2.4

5.1.2

Fixed in WordPress 5.1.3

5.0.6

Fixed in WordPress 5.0.7

4.9.11

Fixed in WordPress 4.9.12

4.8.10

Fixed in WordPress 4.8.11

4.7.14

Fixed in WordPress 4.7.15

4.6.15

Fixed in WordPress 4.6.16

4.5.18

Fixed in WordPress 4.5.19

4.4.19

Fixed in WordPress 4.4.20

4.3.20

Fixed in WordPress 4.3.21

4.2.24

Fixed in WordPress 4.2.25

4.1.27

Fixed in WordPress 4.1.28

4.0.27

Fixed in WordPress 4.0.28

3.9.28

Fixed in WordPress 3.9.29

3.8.30

Fixed in WordPress 3.8.31

3.7.30

Fixed in WordPress 3.7.31

References

CVE

CVE-2019-17673

URL

https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/

URL

https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de

URL

https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html

Miscellaneous

Original Researcher

David Newman

Verified

WPVDB ID

7804d8ed-457a-407e-83a7-345d3bbe07b2

Timeline

Publicly Published

2019-10-14 (about 6 years ago)

Added

2019-10-15 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2014-08-01

Title

mb.YTPlayer for background videos 1.7.2 - TinyMCE Popup Unspecified Issue

Published

2018-08-21

Title

Ninja Forms <= 3.3.13 - CSV Injection

Published

2015-09-30

Title

Ninja Forms <= 2.9.27 - Malicious File Export

Published

2014-08-01

Title

WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass

Published

2017-05-03

Title

WordPress 2.3-4.8.3 - Host Header Injection in Password Reset