CVE-2020-11026 Specially crafted filenames in WordPress leading to XSS

🗓️ 30 Apr 2020 22:15:32Reported by GitHub_MType

Specially crafted filenames in WordPress leading to XSS. Requires authenticated user privilege to upload files. Patched in versions 5.4.1, 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.3

Reporter	Title	Published	Views	Family All 67
BDU FSTEC	The vulnerabilities of the formatting.php and SanitizeFileName.php components of the WordPress content management system allow attackers to compromise data integrity.	14 Aug 202000:00	–	bdu_fstec
CVE	CVE-2020-11026	30 Apr 202022:15	–	cve
Debian	[SECURITY] [DLA 2208-1] wordpress security update	11 May 202013:43	–	debian
Debian	[SECURITY] [DSA 4677-1] wordpress security update	6 May 202006:30	–	debian
Debian	[SECURITY] [DSA 4677-1] wordpress security update	6 May 202006:30	–	debian
Debian CVE	CVE-2020-11026	30 Apr 202022:15	–	debiancve
Tenable Nessus	Debian DLA-2208-1 : wordpress security update	12 May 202000:00	–	nessus
Tenable Nessus	Debian DSA-4677-1 : wordpress - security update	7 May 202000:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2020-11026	27 Aug 202500:00	–	nessus
Tenable Nessus	WordPress 3.7.x < 3.7.33 Multiple Vulnerabilities	18 May 202000:00	–	nessus

[
  {
    "product": "WordPress",
    "vendor": "WordPress",
    "versions": [
      {
        "status": "affected",
        "version": ">= 5.4.0, < 5.4.1"
      },
      {
        "status": "affected",
        "version": ">= 5.3.0, < 5.3.3"
      },
      {
        "status": "affected",
        "version": ">= 5.2.0, < 5.2.6"
      },
      {
        "status": "affected",
        "version": ">= 5.1.0, < 5.1.5"
      },
      {
        "status": "affected",
        "version": ">= 5.0.0, < 5.0.9"
      },
      {
        "status": "affected",
        "version": ">= 4.9.0, < 4.9.14"
      },
      {
        "status": "affected",
        "version": ">= 4.8.0, < 4.8.13"
      },
      {
        "status": "affected",
        "version": ">= 4.7.0, < 4.7.17"
      },
      {
        "status": "affected",
        "version": ">= 4.6.0, < 4.6.18"
      },
      {
        "status": "affected",
        "version": ">= 4.5.0, < 4.5.21"
      },
      {
        "status": "affected",
        "version": ">= 4.4.0, < 4.4.22"
      },
      {
        "status": "affected",
        "version": ">= 4.3.0, < 4.3.23"
      },
      {
        "status": "affected",
        "version": ">= 4.2.0, < 4.2.27"
      },
      {
        "status": "affected",
        "version": ">= 4.1.0, < 4.1.30"
      },
      {
        "status": "affected",
        "version": ">= 4.0.0, < 4.0.30"
      },
      {
        "status": "affected",
        "version": ">= 3.9.0, < 3.9.31"
      },
      {
        "status": "affected",
        "version": ">= 3.8.0, < 3.8.33"
      },
      {
        "status": "affected",
        "version": ">= 3.7.0, < 3.7.33"
      }
    ]
  }
]

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2020/05/msg00011.html
debian	www.debian.org/security/2020/dsa-4677
github	www.github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2
wordpress	www.wordpress.org/support/wordpress-version/version-5-4-1/

11 May 2020 15:06Current

8High risk

Vulners AI Score8

CVSS 3.18.7

EPSS0.02092

CWE-707