CVE-2019-20043 – WordPress Core < 5.3.1 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2019-20043
In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. En wp-includes / rest-api / endpoints / class-wp-rest-posts-controller.php en WordPress 3.7 a 5.3.0, los usuarios autenticados que no tienen los derechos para publicar una publicación pueden marcar publicaciones como fijas o antiadherente a través de la API REST. Por ejemplo, el rol de contribuyente no tiene tales derechos, pero esto les permitió evitarlo. • https://core.trac.wordpress.org/changeset/46893/trunk https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9973 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-269: Improper Privilege Management CWE-285: Improper Authorization •
CVE-2019-17674 – WordPress Core < 5.2.4 - Authenticated Stored Cross-Site Scripting via Customizer
https://notcve.org/view.php?id=CVE-2019-17674
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. WordPress versiones anteriores a 5.2.4, es vulnerable a un ataque de tipo XSS almacenado (cross-site scripting) por medio del Customizer. • https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release https://wpvulndb.com/vulnerabilities/9908 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-17671 – WordPress Core < 5.2.4 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2019-17671
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. En WordPress anterior a 5.2.4, es posible la visualización no autenticada de cierto contenido porque la propiedad de consulta estática es manejada inapropiadamente. • https://www.exploit-db.com/exploits/47690 https://github.com/rhbb/CVE-2019-17671 https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html https://core.trac.wordpress.org/changeset/46474 https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308 https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVE-2019-17672 – WordPress Core < 5.2.4 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. WordPress versiones anteriores a 5.2.4, es vulnerable a un ataque de tipo XSS almacenado para inyectar JavaScript en elementos STYLE. • https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release https://wpvulndb.com/vulnerabilities/9910 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-17669 – WordPress Core < 5.2.4 - Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2019-17669
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. WordPress versiones anteriores a 5.2.4, presenta una vulnerabilidad de tipo Server Side Request Forgery (SSRF) porque la comprobación de URL no considera la interpretación de un nombre como una serie de caracteres hexadecimales. • https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html https://core.trac.wordpress.org/changeset/46475 https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea https://lists.debian.org/debian-lts-announce/2019/11/msg00000.html https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release https://wpvulndb.com/vulnerabilities/9912 https://www.debian.org/security/2020/dsa-4 • CWE-918: Server-Side Request Forgery (SSRF) •