
Test ID:
Category: Web application abuses
Title: WordPress Multiple Vulnerabilities - June20 (Linux)
Summary: WordPress is prone to multiple vulnerabilities.

Vulnerability Insight:
WordPress is prone to multiple vulnerabilities:

- Authenticated users with upload permissions (like authors) are able to inject JavaScript into some media
file attachment pages in a certain way. This can lead to script execution in the context of a higher
privileged user when the file is viewed by them. (CVE-2020-4047)

- Due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted
leading to unintended/open redirect when clicked. (CVE-2020-4048)

- When uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript
execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low
severity self-XSS. (CVE-2020-4049)

- Misuse of the 'set-screen-option' filter's return value allows arbitrary user meta fields to be saved. It
does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged
by low privileged users. (CVE-2020-4050)

- Comments from a post or page can sometimes be seen in the latest comments even if the post or page is not
public. (CVE-2020-25286)

Affected Software/OS:
WordPress versions 3.7 - 5.4.1.

Solution:
Update to version 3.7.34, 3.8.34, 3.9.32, 4.0.31, 4.1.31, 4.2.28, 4.3.24,
4.4.23, 4.5.22, 4.6.19, 4.7.18, 4.8.14, 4.9.15, 5.0.10, 5.1.6, 5.2.7, 5.3.4, 5.4.2 or later.

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2020-4047
Debian Security Information: DSA-4709
Common Vulnerability Exposure (CVE) ID: CVE-2020-4048
Common Vulnerability Exposure (CVE) ID: CVE-2020-4049
Common Vulnerability Exposure (CVE) ID: CVE-2020-4050

Copyright: Copyright (C) 2020 Greenbone Networks GmbH


© 1998-2020 E-Soft Inc. All rights reserved.