CVE-2019-20043
WordPress Core < 5.3.1 - Authorization Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.
En wp-includes / rest-api / endpoints / class-wp-rest-posts-controller.php en WordPress 3.7 a 5.3.0, los usuarios autenticados que no tienen los derechos para publicar una publicación pueden marcar publicaciones como fijas o antiadherente a través de la API REST. Por ejemplo, el rol de contribuyente no tiene tales derechos, pero esto les permitió evitarlo. Esto se ha solucionado en WordPress 5.3.1, junto con todas las versiones anteriores de WordPress desde 3.7 hasta la versión 5.3 a través de una versión menor.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-01 CVE Published
- 2019-12-27 CVE Reserved
- 2024-04-21 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
- CWE-285: Improper Authorization
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9 | Third Party Advisory | |
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw | Third Party Advisory | |
https://seclists.org/bugtraq/2020/Jan/8 | Mailing List | |
https://wpvulndb.com/vulnerabilities/9973 | Release Notes |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://core.trac.wordpress.org/changeset/46893/trunk | 2023-01-20 |
URL | Date | SRC |
---|---|---|
https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release | 2023-01-20 | |
https://www.debian.org/security/2020/dsa-4599 | 2023-01-20 | |
https://www.debian.org/security/2020/dsa-4677 | 2023-01-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 3.7 < 5.3.1 Search vendor "Wordpress" for product "Wordpress" and version " >= 3.7 < 5.3.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
|