CVE-2020-4050: WordPress plugin vulnerability

June 14, 2020

In affected versions of WordPress, misuse of the `set-screen-option` filter’s return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once

CVE-2020-4049: WordPress vulnerability

June 14, 2020

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require

CVE-2020-4048: WordPress vulnerability

June 14, 2020

In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along

CVE-2020-4047: WordPress vulnerability

June 14, 2020

In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the

CVE-2020-4046: WordPress vulnerability

June 14, 2020

In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed
