CVE-2020-4047 Authenticated XSS via media attachment page in WordPress

🗓️ 12 Jun 2020 16:00:36Reported by GitHub_MType

CVE-2020-4047 Authenticated XSS via media attachment page in WordPres

Reporter	Title	Published	Views	Family All 62
BDU FSTEC	The vulnerability of the WordPress website content management system lies in the lack of measures to eliminate script-related HTML tags on web pages, allowing attackers to compromise data integrity.	19 Aug 202000:00	–	bdu_fstec
CNVD	WordPress has unspecified vulnerabilities (CNVD-2021-24379)	15 Jun 202000:00	–	cnvd
CVE	CVE-2020-4047	12 Jun 202016:00	–	cve
Debian	[SECURITY] [DLA 2269-1] wordpress security update	1 Jul 202012:23	–	debian
Debian	[SECURITY] [DLA 2371-1] wordpress security update	11 Sep 202014:42	–	debian
Debian	[SECURITY] [DSA 4709-1] wordpress security update	23 Jun 202014:17	–	debian
Debian	[SECURITY] [DSA 4709-1] wordpress security update	23 Jun 202014:17	–	debian
Debian CVE	CVE-2020-4047	12 Jun 202016:00	–	debiancve
Tenable Nessus	Debian DLA-2269-1 : wordpress security update	2 Jul 202000:00	–	nessus
Tenable Nessus	Debian DLA-2371-1 : wordpress security update	14 Sep 202000:00	–	nessus

[
  {
    "product": "wordpress-develop",
    "vendor": "WordPress",
    "versions": [
      {
        "status": "affected",
        "version": ">= 5.4.0, < 5.4.2"
      },
      {
        "status": "affected",
        "version": ">= 5.3.0, < 5.3.4"
      },
      {
        "status": "affected",
        "version": ">= 5.2.0, < 5.2.7"
      },
      {
        "status": "affected",
        "version": ">= 5.1.0, < 5.1.6"
      },
      {
        "status": "affected",
        "version": ">= 5.0.0, < 5.0.10"
      },
      {
        "status": "affected",
        "version": ">= 4.9.0, < 4.9.15"
      },
      {
        "status": "affected",
        "version": ">= 4.8.0, < 4.8.14"
      },
      {
        "status": "affected",
        "version": ">= 4.7.0, < 4.7.18"
      },
      {
        "status": "affected",
        "version": ">= 4.6.0, < 4.6.19"
      },
      {
        "status": "affected",
        "version": ">= 4.5.0, < 4.5.22"
      },
      {
        "status": "affected",
        "version": ">= 4.4.0, < 4.4.23"
      },
      {
        "status": "affected",
        "version": ">= 4.3.0, < 4.3.24"
      },
      {
        "status": "affected",
        "version": ">= 4.2.0, < 4.2.28"
      },
      {
        "status": "affected",
        "version": ">= 4.1.0, < 4.1.31"
      },
      {
        "status": "affected",
        "version": ">= 4.0.0, < 4.0.31"
      },
      {
        "status": "affected",
        "version": ">= 3.9.0, < 3.9.32"
      },
      {
        "status": "affected",
        "version": ">= 3.8.0, < 3.8.34"
      },
      {
        "status": "affected",
        "version": ">= 3.7.0, < 3.7.34"
      }
    ]
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357/
debian	www.debian.org/security/2020/dsa-4709
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN/
lists	www.lists.debian.org/debian-lts-announce/2020/07/msg00000.html
github	www.github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f
wordpress	www.wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
github	www.github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27
lists	www.lists.debian.org/debian-lts-announce/2020/09/msg00011.html

11 Sep 2020 16:06Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.16.8

EPSS0.05566

CWE-80