CVE-2019-17673

WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.

We have discovered 1,197,172 live websites that are affected by CVE-2019-17673.

Test my site



Affected Software

Product  WordPress
Category Content Management System
Vulnerable Domains1,197,172 live websites (12.99% of WordPress install base)
Vulnerable Versions
  • from 0 before 5.2.4
Vulnerable Versions Count730 versions ( 78.41% of all versions)



Details

  • Published - Oct 17, 2019
  • Updated - Aug 5, 2024

CVE-2019-17673 usage by Country

United States264,798 websites


Japan105,163 websites
Germany102,702 websites
Italy93,025 websites
France65,824 websites
Russia56,990 websites
GB46,667 websites
Poland43,448 websites
Australia38,629 websites
Netherlands34,867 websites

CVE-2019-17673 usage by TLD

.com456,781 websites
.it63,903 websites
.de50,208 websites
.ru50,115 websites
.org43,065 websites
.net38,616 websites
.pl33,223 websites
.co.uk30,426 websites
.com.au29,623 websites
.nl25,965 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2019-17673

Top websites that are affected by CVE-2019-17673. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
****.br Brazil***
****.******.com Singapore***
************.***.ar Argentina*,***
*********.com Italy*,***
*****.com United States*,***
****.***********.de Germany*,***
*************.com United States*,***
************.org United States*,***
***********.**.uk United States*,***
*****.****.br Brazil*,***
See full domain list

FAQ

A total of 1,197,172 websites have been identified as vulnerable to CVE-2019-17673, discovered through global website indexing conducted by WebTechSurvey.
WordPress is susceptible to CVE-2019-17673 vulnerability.
WordPress versions before 5.2.4 are vulnerable to CVE-2019-17673.
Version 5.2.4 of WordPress addresses the CVE-2019-17673 security vulnerability.