Showing 1 - 2 of 2

CVE-2019-17673

Status Candidate

Overview

WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.

Debian Security Advisory 4677-1: Posted May 28, 2020; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4677-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create files on the server, disclose private information, create open redirects, poison cache, and bypass authorization access and input sanitation.; tags | advisory, remote, web, vulnerability, csrf; systems | linux, debian; advisories | CVE-2019-16217, CVE-2019-16218, CVE-2019-16219, CVE-2019-16220, CVE-2019-16221, CVE-2019-16222, CVE-2019-16223, CVE-2019-16780, CVE-2019-16781, CVE-2019-17669, CVE-2019-17671, CVE-2019-17672, CVE-2019-17673, CVE-2019-17674; SHA-256 | 6d27cba833ecba03b616051272e9350ebac60ca6dcdce5a8f1dbee3e9022d501; Download | Favorite | View

Debian Security Advisory 4599-1: Posted Jan 8, 2020; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4599-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and input sanitation.; tags | advisory, remote, web, vulnerability, csrf; systems | linux, debian; advisories | CVE-2019-16217, CVE-2019-16218, CVE-2019-16219, CVE-2019-16220, CVE-2019-16221, CVE-2019-16222, CVE-2019-16223, CVE-2019-16780, CVE-2019-16781, CVE-2019-17669, CVE-2019-17671, CVE-2019-17672, CVE-2019-17673, CVE-2019-17674, CVE-2019-17675, CVE-2019-20041, CVE-2019-20042, CVE-2019-20043; SHA-256 | dee089686a65d4ec93a8523a27603cadf0d9b6bd7647954645a7625e9a51adaa; Download | Favorite | View

Page 1 of 1 Back 1 Next