This vulnerability could allow an unauthenticated user to view private or draft posts due to an issue within WP_Query.
http://wordpress.local/?static=1&order=asc
0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/
blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
wordpress.org/news/2019/10/wordpress-5-2-4-security-release/