WordPress < 5.4.1 - Unauthenticated Users View Private Posts



Description
This vulnerability could have allowed unauthenticated users to view private posts by manipulating time and date queries.

Affects WordPress

fixed in version 5.4.1
fixed in version 5.3.3
fixed in version 5.2.6
fixed in version 5.1.5
fixed in version 5.0.9
fixed in version 4.9.14
fixed in version 4.8.13
fixed in version 4.7.17
fixed in version 4.6.18
fixed in version 4.5.21
fixed in version 4.4.22
fixed in version 4.3.23
fixed in version 4.2.27
fixed in version 4.1.30
fixed in version 4.0.30
fixed in version 3.9.31
fixed in version 3.8.33
fixed in version 3.7.33

References

CVE 2020-11028
URL https://wordpress.org/news/2020/04/wordpress-5-4-1/
URL https://core.trac.wordpress.org/changeset/47635/
URL https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
URL https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w

Classification

Type BYPASS

Miscellaneous

Original Researcher ka1n4t
Submitter Ryan
Views 2861
Verified No
WPVDB ID 10202

Timeline

Publicly Published 2020-04-29
Added 2020-04-30
Last Updated 2020-05-02
