CVE-2020-11027

🗓️ 30 Apr 2020 00:00:00Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 264 Views

WordPress password reset link vulnerabilit

Reporter	Title	Published	Views	Family All 68
0day.today	WordPress Medic Theme v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Exploit	19 Jun 202300:00	–	zdt
CNVD	WordPress Access Restriction Bypass Vulnerability (CNVD-2020-27079)	7 May 202000:00	–	cnvd
Cvelist	CVE-2020-11027 Password reset links invalidation issue in WordPress	30 Apr 202000:00	–	cvelist
Debian	[SECURITY] [DLA 2208-1] wordpress security update	11 May 202013:43	–	debian
Debian	[SECURITY] [DSA 4677-1] wordpress security update	6 May 202006:30	–	debian
Debian	[SECURITY] [DSA 4677-1] wordpress security update	6 May 202006:30	–	debian
Debian CVE	CVE-2020-11027	30 Apr 202000:00	–	debiancve
Tenable Nessus	Debian DLA-2208-1 : wordpress security update	12 May 202000:00	–	nessus
Tenable Nessus	Debian DSA-4677-1 : wordpress - security update	7 May 202000:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2020-11027	27 Aug 202500:00	–	nessus

NVD

Vulners

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

Node

wordpress wordpressRange3.7–3.7.33

wordpress wordpressRange3.8–3.8.33

wordpress wordpressRange3.9–3.9.31

wordpress wordpressRange4.0–4.0.30

wordpress wordpressRange4.1–4.1.30

wordpress wordpressRange4.2–4.2.27

wordpress wordpressRange4.3–4.3.23

wordpress wordpressRange4.4–4.4.22

wordpress wordpressRange4.5–4.5.21

wordpress wordpressRange4.6–4.6.18

wordpress wordpressRange4.7–4.7.17

wordpress wordpressRange4.8–4.8.13

wordpress wordpressRange4.9–4.9.14

wordpress wordpressRange5.0–5.0.9

wordpress wordpressRange5.1–5.1.5

wordpress wordpressRange5.2–5.2.6

wordpress wordpressRange5.3–5.3.3

wordpress wordpressMatch5.4

[
  {
    "vendor": "WordPress",
    "product": "WordPress",
    "versions": [
      {
        "version": ">= 5.4.0, < 5.4.1",
        "status": "affected"
      },
      {
        "version": ">= 5.3.0, < 5.3.3",
        "status": "affected"
      },
      {
        "version": ">= 5.2.0, < 5.2.6",
        "status": "affected"
      },
      {
        "version": ">= 5.1.0, < 5.1.5",
        "status": "affected"
      },
      {
        "version": ">= 5.0.0, < 5.0.9",
        "status": "affected"
      },
      {
        "version": ">= 4.9.0, < 4.9.14",
        "status": "affected"
      },
      {
        "version": ">= 4.8.0, < 4.8.13",
        "status": "affected"
      },
      {
        "version": ">= 4.7.0, < 4.7.17",
        "status": "affected"
      },
      {
        "version": ">= 4.6.0, < 4.6.18",
        "status": "affected"
      },
      {
        "version": ">= 4.5.0, < 4.5.21",
        "status": "affected"
      },
      {
        "version": ">= 4.4.0, < 4.4.22",
        "status": "affected"
      },
      {
        "version": ">= 4.3.0, < 4.3.23",
        "status": "affected"
      },
      {
        "version": ">= 4.2.0, < 4.2.27",
        "status": "affected"
      },
      {
        "version": ">= 4.1.0, < 4.1.30",
        "status": "affected"
      },
      {
        "version": ">= 4.0.0, < 4.0.30",
        "status": "affected"
      },
      {
        "version": ">= 3.9.0, < 3.9.31",
        "status": "affected"
      },
      {
        "version": ">= 3.8.0, < 3.8.33",
        "status": "affected"
      },
      {
        "version": ">= 3.7.0, < 3.7.33",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw
debian	www.debian.org/security/2020/dsa-4677
wordpress	www.wordpress.org/support/wordpress-version/version-5-4-1/
packetstormsecurity	www.packetstormsecurity.com/files/173034/WordPress-Theme-Medic-1.0.0-Weak-Password-Recovery-Mechanism.html
lists	www.lists.debian.org/debian-lts-announce/2020/05/msg00011.html

21 Nov 2024 04:56Current

6.9Medium risk

Vulners AI Score6.9

CVSS 25.5

CVSS 3.16.1 - 8.1

EPSS0.42551