CVE-2019-17669 – WordPress Core < 5.2.4 - Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2019-17669
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. WordPress versiones anteriores a 5.2.4, presenta una vulnerabilidad de tipo Server Side Request Forgery (SSRF) porque la comprobación de URL no considera la interpretación de un nombre como una serie de caracteres hexadecimales. • https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html https://core.trac.wordpress.org/changeset/46475 https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release https://wpvulndb.com/vulnerabilities/9912 https://www.debian.org/security/2020/dsa-4 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2019-17675 – WordPress Core < 5.2.4 - Type Confusion
https://notcve.org/view.php?id=CVE-2019-17675
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. WordPress antes de 5.2.4, no considera apropiadamente la confusión de tipos durante la comprobación del referente en las páginas de administración, conllevando posiblemente a un ataque de tipo CSRF. • https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html https://core.trac.wordpress.org/changeset/46477 https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0 https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release https://wpvulndb.com/vulnerabilities/9913 https://www.debian.org/security/2020/dsa-4 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2019-17673 – WordPress Core < 5.2.4 - Cache Poisoning
https://notcve.org/view.php?id=CVE-2019-17673
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. WordPress versiones anteriores a 5.2.4, es vulnerable al envenenamiento de la memoria caché de peticiones JSON GET porque ciertas peticiones carecen de un encabezado Vary: Origin. • https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html https://core.trac.wordpress.org/changeset/46478 https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release https://wpvulndb.com/vulnerabilities/9911 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2019-17670 – WordPress Core < 5.2.4 - Server Side Request Forgery #2
https://notcve.org/view.php?id=CVE-2019-17670
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. WordPress versiones anteriores a 5.2.4, presenta una vulnerabilidad de tipo Server Side Request Forgery (SSRF) porque las rutas (paths) de Windows son manejadas inapropiadamente durante cierta comprobación de las URL relativas. • https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html https://core.trac.wordpress.org/changeset/46472 https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2 https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/10/msg00010.html https://wordpress.org/news/2019/10/wordpress-5-2-4-security-r • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2019-16220 – WordPress Core < 5.2.3 - Open Redirect
https://notcve.org/view.php?id=CVE-2019-16220
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. En WordPress versiones anteriores a 5.2.3, la comprobación y el saneamiento de una URL en la función wp_validate_redirect en el archivo wp-includes/pluggable.php podría conllevar a un redireccionamiento abierto. In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash. • https://core.trac.wordpress.org/changeset/45971 https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28 https://lists.debian.org/debian-lts-announce/2019/10/msg00023.html https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9863 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •