WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts

Description
This vulnerability could allow an unauthenticated user to view private or draft posts due to an issue within WP_Query. `static` is a public query variable, so a request carrying a non-empty `static` value makes WP_Query treat the request as a singular (page) query. Singular queries are not restricted to `post_status = 'publish'` in the generated SQL and are not paginated, and the status check WP_Query applies after the query only inspects the first returned item. Adding `order=asc` places the oldest, normally published, item first so that check passes and the remaining unpublished items are handed to the theme's loop, which typically renders them. An unauthenticated request to the URL below that lists more entries than the normal front page indicates an affected install; the fix shipped in WordPress 5.2.4 and was backported to the branches listed under Affects WordPresses.
Proof of Concept
http://wordpress.local/?static=1&order=asc
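
Because WordPress core never generates links that carry the `static` query variable, its presence in an unauthenticated request is a usable detection signal. The following Python is an added example, not part of this advisory or of WordPress: it parses web server access log lines in the common "combined" format and flags every request whose query string carries a non-empty `static` value (a blank `static=` does not switch WP_Query into page mode, so it is ignored). The log lines are constructed for illustration and do not come from any real server.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log (Apache/nginx "combined" format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Oct/2019:10:12:01 +0000] "GET /?static=1&order=asc HTTP/1.1" 200 48213 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Oct/2019:10:12:05 +0000] "GET /?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [15/Oct/2019:10:13:40 +0000] "GET /?static=1 HTTP/1.1" 200 47990 "-" "curl/7.64.0"
198.51.100.4 - - [15/Oct/2019:10:13:41 +0000] "GET /?pagename=about&static=1 HTTP/1.1" 200 3200 "-" "curl/7.64.0"
192.0.2.9 - - [15/Oct/2019:10:14:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [15/Oct/2019:10:14:10 +0000] "GET /?static=&order=asc HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
192.0.2.9 - - [15/Oct/2019:10:14:20 +0000] "POST /?static=1&order=asc HTTP/1.1" 404 180 "-" "Mozilla/5.0"
"""

# Minimal "combined" format parser: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_static_query_probe(target):
    """True if the request target carries a non-empty `static` query variable."""
    query = urlsplit(target).query
    values = parse_qs(query, keep_blank_values=True).get("static", [])
    return any(v != "" for v in values)


def find_probes(log_text):
    """Return one record per log line that carries the `static` query variable."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if is_static_query_probe(m["target"]):
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "method": m["method"],
                "target": m["target"],
                "status": int(m["status"]),
            })
    return hits


def successful_probes(hits):
    """Probes the server answered with 200: the ones worth triaging first."""
    return [h for h in hits if h["status"] == 200]


def probes_by_ip(hits):
    """Count probe requests per client address for a quick triage summary."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_probes(SAMPLE_LOG)
    for h in hits:
        print(h["ts"], h["ip"], h["method"], h["target"], h["status"])
    print(probes_by_ip(hits))
```

Pipe a real log through `find_probes` and review the `successful_probes` output first; a 200 response to such a request on an unpatched install means the unpublished content was served.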

Affects WordPresses

Every release older than the fix in its branch is affected; the fixed version per branch is:

fixed in version 5.2.4
fixed in version 5.1.3
fixed in version 5.0.7
fixed in version 4.9.12
fixed in version 4.8.11
fixed in version 4.7.15
fixed in version 4.6.16
fixed in version 4.5.19
fixed in version 4.4.20
fixed in version 4.3.21
fixed in version 4.2.25
fixed in version 4.1.28
fixed in version 4.0.28
fixed in version 3.9.29
fixed in version 3.8.31
fixed in version 3.7.31
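
The per-branch fix versions above are easy to misread during triage (4.9.11 is affected while 4.9.12 is not, and 5.3 was cut after the fix). The following Python is an added example, not part of this advisory or of WordPress: it encodes the branch table as a version check for CVE-2019-17671, treats branches older than 3.7 (which received no fixed release) as affected, treats a pre-release tagged with the fix number (e.g. 5.2.4-RC1) as not yet fixed, and reads the version from the generator meta tag of a page. The HTML sample is constructed; sites that strip the generator tag need another version source.

```python
import re

# Fix version per release branch, copied from the advisory's Affects WordPresses list.
FIXED_BY_BRANCH = {
    (5, 2): (5, 2, 4), (5, 1): (5, 1, 3), (5, 0): (5, 0, 7),
    (4, 9): (4, 9, 12), (4, 8): (4, 8, 11), (4, 7): (4, 7, 15),
    (4, 6): (4, 6, 16), (4, 5): (4, 5, 19), (4, 4): (4, 4, 20),
    (4, 3): (4, 3, 21), (4, 2): (4, 2, 25), (4, 1): (4, 1, 28),
    (4, 0): (4, 0, 28), (3, 9): (3, 9, 29), (3, 8): (3, 8, 31),
    (3, 7): (3, 7, 31),
}
OLDEST_FIXED_BRANCH = (3, 7)
NEWEST_FIXED_BRANCH = (5, 2)


def parse_version(version):
    """Return ((major, minor, patch), is_prerelease) for "5.2", "4.9.12" or "5.2.4-RC1"."""
    core, _, tag = version.strip().partition("-")
    parts = [int(p) for p in core.split(".")]
    parts += [0] * (3 - len(parts))  # "5.2" means 5.2.0
    return tuple(parts[:3]), bool(tag)


def is_vulnerable(version):
    """True if this WordPress version is affected by CVE-2019-17671."""
    v, prerelease = parse_version(version)
    branch = v[:2]
    if branch > NEWEST_FIXED_BRANCH:
        return False  # 5.3 and later were released after the fix landed
    if branch < OLDEST_FIXED_BRANCH:
        return True   # no fixed release was published for 3.6 and older
    fix = FIXED_BY_BRANCH[branch]
    if v < fix:
        return True
    # A pre-release carrying the fix's number is not the fixed release itself.
    return v == fix and prerelease


# Matches <meta name="generator" content="WordPress 5.2.3" /> as emitted by wp_head().
GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="WordPress\s+([0-9][0-9.]*(?:-[A-Za-z0-9.]+)?)"',
    re.IGNORECASE,
)


def version_from_html(html):
    """Extract the WordPress version from the generator meta tag, or None."""
    m = GENERATOR_RE.search(html)
    return m.group(1) if m else None


def assess(html):
    """Return ("vulnerable" | "fixed" | "unknown", version) for a fetched page."""
    version = version_from_html(html)
    if version is None:
        return ("unknown", None)
    return ("vulnerable" if is_vulnerable(version) else "fixed", version)


# Constructed sample page head; not fetched from any real site.
SAMPLE_HTML = (
    '<html><head><meta name="generator" content="WordPress 5.2.3" />'
    '</head><body></body></html>'
)

if __name__ == "__main__":
    print(assess(SAMPLE_HTML))
```

Feed `assess` the body of the site's front page; an "unknown" result only means the generator tag is absent, not that the install is patched.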

References

CVE 2019-17671
URL https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
URL https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
URL https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
URL https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/

Classification

Type BYPASS

Miscellaneous

Original Researcher J.D. Grimes
Verified No
WPVDB ID 9909

Timeline

Publicly Published 2019-10-14
Added 2019-10-15
Last Updated 2019-10-29
