Category: Web application abuses
Title: WordPress Multiple Vulnerabilities - June20 (Linux)
Summary: WordPress is prone to multiple vulnerabilities.
WordPress is prone to multiple vulnerabilities:
file attachment pages in a certain way. This can lead to script execution in the context of a higher
privileged user when the file is viewed by them. (CVE-2020-4047)
- Due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted
leading to unintended/open redirect when clicked. (CVE-2020-4048)
execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low
severity self-XSS. (CVE-2020-4049)
- Misuse of the 'set-screen-option' filter's return value allows arbitrary user meta fields to be saved. It
does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged
by low privileged users. (CVE-2020-4050)
- Comments from a post or page can sometimes be seen in the latest comments even if the post or page is not
WordPress versions 3.7 - 5.4.1.
Update to version 3.7.34, 3.8.34, 3.9.32, 4.0.31, 4.1.31, 4.2.28, 4.3.24,
4.4.23, 4.5.22, 4.6.19, 4.7.18, 4.8.14, 4.9.15, 5.0.10, 5.1.6, 5.2.7, 5.3.4, 5.4.2 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2020-4047
Debian Security Information: DSA-4709
Common Vulnerability Exposure (CVE) ID: CVE-2020-4048
Common Vulnerability Exposure (CVE) ID: CVE-2020-4049
Common Vulnerability Exposure (CVE) ID: CVE-2020-4050
Copyright: Copyright (C) 2020 Greenbone Networks GmbH