CVE-2020-11025

Published: 30 Apr 2020
Source: debian
EPSS: Low

Description

In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| wordpress | fixed | 5.4.1+dfsg1-1 | | package |
| wordpress | not-affected | | jessie | package |

Notes

  • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c

  • https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates

  • https://core.trac.wordpress.org/changeset/47633

  • https://github.com/WordPress/wordpress-develop/commit/cfb690cb8efaee32d55b10a7771afb0f1f47aab3

EPSS

Percentile: 77%
0.01086
Low

Related vulnerabilities

CVSS3: 5.8
ubuntu
more than 5 years ago

In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

CVSS3: 5.8
nvd
more than 5 years ago

In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

CVSS3: 5.4
fstec
more than 5 years ago

A vulnerability in the WordPress content management system caused by flaws in the measures used to protect web page structure, allowing an attacker to affect data integrity
