WordPress 5.2.4 Security Release Breakdown - Kubernetes WAF | K8 Web Application Firewall | k8 Microservices Security

Common Vulnerabilities and Exposures

WordPress 5.2.4 Security Release Breakdown

October 17, 2019

Overview :

WordPress released version 5.2.4 as a security release. According to WordPress, WordPress version 5.2.4 fixes 6 security issues.

Affected Product(s) :

WordPress released version 5.2.3

Vulnerability Details :

CVE ID :	CVE-2019-17675
	WordPress before 5.2.3 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
CVE ID :	CVE-2019-17674
	WordPress before 5.2.3 is vulnerable to stored XSS (cross-site scripting) via the Customizer.
CVE ID :	CVE-2019-17673
	WordPress before 5.2.3 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
CVE ID :	CVE-2019-17670
	WordPress before 5.2.3 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
CVE ID :	CVE-2019-17671
	In WordPress before 5.2.3, unauthenticated viewing of certain content is possible because the static query property is mishandled.
CVE ID :	CVE-2019-17672
	WordPress before 5.2.3 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
CVE ID :	CVE-2019-17669
	WordPress before 5.2.3 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.

Solution :
Update to the latest version 5.2.4.

CVE-2019-17669 CVE-2019-17670 CVE-2019-17671 CVE-2019-17672 CVE-2019-17673 CVE-2019-17674 CVE-2019-17675

Advanced Machine Learning Based Cloud Security Solution

The Prophaze WAF can be deployed in any Public cloud such as AWS, GCP, Azure, Digital Ocean and on Private Cloud instance like Microk8s

100%

The security of your details is important to us. Prophaze Technologies collects a variety of data that you provide directly to us. The types of data we gather will depend upon the services you use, how you use them, and what you choose to provide. We process your details when necessary to provide you with the services that you have requested when accepting our Terms of Services or when we have the legitimate interest(security, testing, analytics, and so on) to do so please checkout our page.

Demo Request Form

Overlay Image

100% Advanced Machine Learning Based Bot Management Solution

Demo Request Form

Advanced Machine Learning Based Web Security Solution

The Prophaze WAF can be deployed in any Public cloud such as AWS, GCP, Azure, Digital Ocean and on Private Cloud instance like Microk8s

100%

The security of your details is important to us. Prophaze Technologies collects a variety of data that you provide directly to us. The types of data we gather will depend upon the services you use, how you use them, and what you choose to provide. We process your details when necessary to provide you with the services that you have requested when accepting our Terms of Services or when we have the legitimate interest(security, testing, analytics, and so on) to do so please checkout our page.

Demo Request Form

Overlay Image

100% Advanced Machine Learning Based Bot Management Solution

Demo Request Form