CVE-2020-13487

🗓️ 26 May 2020 13:10:48Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 58 Views🌐 WEB

The bbPress plugin for WordPress has stored XSS in the Forum creation section, allowing JavaScript execution at wp-admin/edit.php?post_type=forum for all users

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2020-13487	18 Dec 202307:40	–	circl
CNVD	WordPress bbPress plugin cross-site scripting vulnerability	27 May 202000:00	–	cnvd
Cvelist	CVE-2020-13487	26 May 202013:10	–	cvelist
EUVD	EUVD-2022-4737	3 Oct 202520:07	–	euvd
Github Security Blog	bbPress stored Cross-Site Scripting (XSS) vulnerability in the Forum creation section	24 May 202217:18	–	github
NVD	CVE-2020-13487	26 May 202014:15	–	nvd
OpenVAS	WordPress bbPress Plugin < 2.6.5 Multiple Vulnerabilities	11 May 202300:00	–	openvas
OSV	GHSA-P9XP-XGHP-GQVP bbPress stored Cross-Site Scripting (XSS) vulnerability in the Forum creation section	24 May 202217:18	–	osv
Prion	Design/Logic Flaw	26 May 202014:15	–	prion
RedhatCVE	CVE-2020-13487	22 May 202515:56	–	redhatcve

NVD

Node

bbpress bbpressRange≤2.6.4wordpress

Source	Link
codex	www.codex.bbpress.org/releases/
bbpress	www.bbpress.org/
wordpress	www.wordpress.org/plugins/bbpress/
youtube	www.youtube.com/watch

Parameter	Position	Path	Description	CWE
action	query param	wp-admin/post.php	Stored XSS in the Forum creation section leading to JavaScript execution at wp-admin/edit.php?post_type=forum (Forum listing page)	CWE-79
post_type	query param	wp-admin/edit.php	Forum listing page vulnerable to XSS when accessing with post_type=forum	CWE-79

21 Nov 2024 05:01Current

5.2Medium risk

Vulners AI Score5.2

CVSS 23.5

CVSS 3.14.8

EPSS0.00579

CWE-79