CVE-2019-17669

Published: Oct 17, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html

x_refsource_MISC

https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/

x_refsource_MISC

https://core.trac.wordpress.org/changeset/46475

x_refsource_MISC

https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/9912

x_refsource_MISC

[debian-lts-announce] 20191105 [SECURITY] [DLA 1980-1] wordpress security update

mailing-list

x_refsource_MLIST

20200108 [SECURITY] [DSA 4599-1] wordpress security update

mailing-list

x_refsource_BUGTRAQ

DSA-4599

vendor-advisory

x_refsource_DEBIAN

DSA-4677

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-17669

Description

Affected Products

References