cve/2019/CVE-2019-17675.md

CVE-2019-17675

Description

WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.

POC

Reference

• https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
• https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/Afetter618/WordPress-PenTest
• https://github.com/El-Palomo/DerpNStink
• https://github.com/El-Palomo/SYMFONOS
• https://github.com/namhikelo/Symfonos1-Vulnhub-CEH