exploitDog
CVE-2020-11030

Published: 30 Apr 2020
Source: debian
EPSS: Low

Description

In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| wordpress | fixed | 5.4.1+dfsg1-1 | | package |
| wordpress | not-affected | | buster | package |
| wordpress | not-affected | | stretch | package |
| wordpress | not-affected | | jessie | package |

Notes

  • https://core.trac.wordpress.org/changeset/47636

  • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh

  • https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates

  • Fixed by: https://github.com/WordPress/wordpress-develop/commit/ec05c8b897ef4ae77fc0cba576573e90a726a52f

EPSS

Percentile: 78%
0.01244
Low

Related vulnerabilities

CVSS3: 6.4
ubuntu
about 5 years ago

In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

CVSS3: 6.4
nvd
about 5 years ago

In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

CVSS3: 5.4
fstec
about 5 years ago

Vulnerability in the render_block_core_search function (render_block_core_search) and render_block_core_rss (rss.php) of the WordPress content management system that allows an attacker to affect data integrity
