CVE-2019-17673

WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.

We have discovered 880,573 live websites that are affected by CVE-2019-17673.

Run a Free Instant Scan



Affected Software

Product  WordPress
Category Content Management System
Vulnerable Domains880,573 live websites (11% of WordPress install base)
Vulnerable Versions
  • from 0 through 5.2.4
Vulnerable Versions Count577 versions ( 69% of all versions)



Details

  • Published - Oct 17, 2019
  • Updated - Aug 5, 2024

Website Distribution by Country

Number of websites using CVE-2019-17673
United States157,769 websites


Italy95,300 websites
Germany74,657 websites
Japan69,971 websites
Russia51,320 websites
France44,884 websites
GB36,936 websites
Poland36,142 websites
Netherlands25,373 websites
Spain19,608 websites

Website Distribution by TLD

Number of websites using CVE-2019-17673
.com318,922 websites
.it62,238 websites
.ru42,666 websites
.de38,482 websites
.org30,939 websites
.net26,973 websites
.pl26,938 websites
.co.uk21,087 websites
.nl18,184 websites
.fr17,368 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2019-17673

Top websites that are affected by CVE-2019-17673. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
****.br Brazil***
*********.com Italy*,***
*****.com United States*,***
**********.com United States*,***
********.com Germany*,***
************.org United States*,***
***********.eu Cyprus*,***
*****.****.br Brazil*,***
*******.org United States*,***
********.****.br Brazil*,***
See full domain list

FAQ

A total of 880,573 websites have been identified as vulnerable to CVE-2019-17673, based on global website indexing conducted by WebTechSurvey.
The WordPress is affected by the CVE-2019-17673 vulnerability.
WordPress versions up to and including 5.2.4 are vulnerable to CVE-2019-17673.