Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-17675)

Description

WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.

Remediation

References

Related Vulnerabilities

Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.7)

Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)

WordPress Plugin WP Statistics Cross-Site Scripting (9.1.2)

WordPress Plugin Falang multilanguage for WordPress Cross-Site Scripting (1.3.17)

LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16186)

Severity

High

Classification

CVE-2019-17675 CWE-843 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities