CVE-2019-17675

8.8 HIGH

📋 TL;DR

This is a Cross-Site Request Forgery (CSRF) vulnerability in WordPress admin pages that occurs due to type confusion during referer validation. Attackers can trick authenticated administrators into performing unintended actions like changing settings, creating users, or installing plugins. All WordPress sites with versions before 5.2.4 are affected.

💻 Affected Systems

Products:
  • WordPress
Versions: All versions before 5.2.4
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the attacker to trick an authenticated admin user into clicking a malicious link while logged into the WordPress admin panel.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site takeover through admin account compromise, allowing attackers to install malicious plugins/themes, create backdoor accounts, deface the site, or inject malware.

🟠 Likely Case

Unauthorized administrative actions such as changing site settings, creating new administrator accounts, or modifying content without the admin's knowledge.

🟢 If Mitigated

Limited impact with proper CSRF protections and admin awareness, though some administrative functions could still be exploited.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick authenticated admin users. Technical exploit details are publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: WordPress 5.2.4 and later

Vendor Advisory: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/

Restart Required: No

Instructions:

1. Back up your WordPress site.
2. Update WordPress to version 5.2.4 or later via Dashboard > Updates.
3. Verify the update completed successfully.
4. Test admin functionality.

🔧 Temporary Workarounds

CSRF Protection Plugin

Applies to: all

Install and configure a WordPress security plugin that provides additional CSRF protection.

Admin Session Management

Applies to: all

Implement strict admin session management: log out when not using the admin panel and use a separate browser for admin tasks.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) with CSRF protection rules
  • Restrict admin panel access to specific IP addresses only

🔍 How to Verify

Check if Vulnerable:

Check the WordPress version under Dashboard > Updates or in the wp-includes/version.php file.

Check Version:

Run wp core version (if WP-CLI is installed) or check wp-includes/version.php.

Verify Fix Applied:

Confirm the WordPress version is 5.2.4 or higher and test that admin functions work normally.

📡 Detection & Monitoring

Log Indicators:

  • Multiple admin actions from same session in rapid succession
  • Admin actions with missing or malformed referer headers
  • Unexpected user creation or privilege escalation

Network Indicators:

  • HTTP requests to admin-ajax.php or admin-post.php with suspicious parameters
  • Requests with missing or manipulated referer headers

SIEM Query:

source="wordpress" AND (uri_path="/wp-admin/*" OR uri_path="/wp-json/*") AND (referer="" OR NOT referer CONTAINS site_domain)
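The log indicators and SIEM query above, as an added example that is not part of this advisory: a small Python checker that applies the same referer test to constructed sample access-log lines. The log lines, the site domain blog.example.com and the attacker.example.net host are all made up for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2019:12:00:01 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 "https://blog.example.com/wp-admin/options-general.php" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2019:12:00:09 +0000] "POST /wp-admin/user-new.php HTTP/1.1" 302 0 "https://attacker.example.net/lure.html" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2019:12:00:10 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2019:12:01:00 +0000] "GET /2019/10/hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Paths the advisory's SIEM query watches: wp-admin and the REST API.
ADMIN_PREFIXES = ("/wp-admin/", "/wp-json/")


def referer_host(referer: str) -> str:
    """Lower-cased host of a referer URL, or '' when the header is absent ('-' or empty)."""
    if referer in ("", "-"):
        return ""
    return (urlparse(referer).hostname or "").lower()


def find_suspicious(log_text: str, site_domain: str) -> list:
    """Flag state-changing admin requests whose referer is missing or off-site.

    GET requests are skipped because CSRF targets state changes. Each hit carries a
    reason: 'missing' (no referer) or 'offsite' (referer host is not site_domain or
    one of its subdomains)."""
    site_domain = site_domain.lower()
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] == "GET" or not m["path"].startswith(ADMIN_PREFIXES):
            continue
        host = referer_host(m["referer"])
        if host == "":
            reason = "missing"
        elif host != site_domain and not host.endswith("." + site_domain):
            reason = "offsite"
        else:
            continue  # same-site referer: expected for legitimate admin use
        hits.append({"ip": m["ip"], "path": m["path"], "referer": m["referer"], "reason": reason})
    return hits
```

Browsers honouring a strict Referrer-Policy omit the header on legitimate requests too, so treat 'missing' hits as lower confidence than 'offsite' ones.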
