GitHub_MCVELIST:CVE-2020-11027CVE-2020-11027 Password reset links invalidation issue in WordPress
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
8 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.7%
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
CNA Affected
[
{
"vendor": "WordPress",
"product": "WordPress",
"versions": [
{
"version": ">= 5.4.0, < 5.4.1",
"status": "affected"
},
{
"version": ">= 5.3.0, < 5.3.3",
"status": "affected"
},
{
"version": ">= 5.2.0, < 5.2.6",
"status": "affected"
},
{
"version": ">= 5.1.0, < 5.1.5",
"status": "affected"
},
{
"version": ">= 5.0.0, < 5.0.9",
"status": "affected"
},
{
"version": ">= 4.9.0, < 4.9.14",
"status": "affected"
},
{
"version": ">= 4.8.0, < 4.8.13",
"status": "affected"
},
{
"version": ">= 4.7.0, < 4.7.17",
"status": "affected"
},
{
"version": ">= 4.6.0, < 4.6.18",
"status": "affected"
},
{
"version": ">= 4.5.0, < 4.5.21",
"status": "affected"
},
{
"version": ">= 4.4.0, < 4.4.22",
"status": "affected"
},
{
"version": ">= 4.3.0, < 4.3.23",
"status": "affected"
},
{
"version": ">= 4.2.0, < 4.2.27",
"status": "affected"
},
{
"version": ">= 4.1.0, < 4.1.30",
"status": "affected"
},
{
"version": ">= 4.0.0, < 4.0.30",
"status": "affected"
},
{
"version": ">= 3.9.0, < 3.9.31",
"status": "affected"
},
{
"version": ">= 3.8.0, < 3.8.33",
"status": "affected"
},
{
"version": ">= 3.7.0, < 3.7.33",
"status": "affected"
}
]
}
]References
packetstormsecurity.com/files/173034/WordPress-Theme-Medic-1.0.0-Weak-Password-Recovery-Mechanism.html
github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw
lists.debian.org/debian-lts-announce/2020/05/msg00011.html
wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
www.debian.org/security/2020/dsa-4677
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
8 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.7%