CVE-2020-13487

🗓️ 26 May 2020 13:10:48Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 64 Views🌐 WEB

The bbPress plugin for WordPress has stored XSS in the Forum creation section, allowing JavaScript execution at wp-admin/edit.php?post_type=forum for all users

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2020-13487	18 Dec 202307:40	–	circl
CNVD	WordPress bbPress plugin cross-site scripting vulnerability	27 May 202000:00	–	cnvd
Cvelist	CVE-2020-13487	26 May 202013:10	–	cvelist
EUVD	EUVD-2022-4737	3 Oct 202520:07	–	euvd
Github Security Blog	bbPress stored Cross-Site Scripting (XSS) vulnerability in the Forum creation section	24 May 202217:18	–	github
NVD	CVE-2020-13487	26 May 202014:15	–	nvd
OpenVAS	WordPress bbPress Plugin < 2.6.5 Multiple Vulnerabilities	11 May 202300:00	–	openvas
OSV	CVE-2020-13487	26 May 202014:15	–	osv
OSV	GHSA-P9XP-XGHP-GQVP bbPress stored Cross-Site Scripting (XSS) vulnerability in the Forum creation section	24 May 202217:18	–	osv
Prion	Design/Logic Flaw	26 May 202014:15	–	prion

NVD

Node

bbpress bbpressRange≤2.6.4wordpress

Source	Link
codex	www.codex.bbpress.org/releases/
bbpress	www.bbpress.org/
wordpress	www.wordpress.org/plugins/bbpress/
youtube	www.youtube.com/watch

Parameter	Position	Path	Description	CWE
post_type	query param	wp-admin/edit.php?post_type=forum	Stored XSS in the Forum creation section enabling JavaScript execution in admin page	CWE-79
action	query param	wp-admin/post.php?action=edit	Stored XSS via the edit action parameter enabling JavaScript execution in admin page	CWE-79

17 Jun 2026 02:53Current

5.2Medium risk

Vulners AI Score5.2

CVSS 23.5

CVSS 3.14.8

EPSS0.01389

CWE-79