CVE-2020-4049 Authenticated self-XSS via theme uploads in WordPress

🗓️ 12 Jun 2020 16:00:23Reported by GitHub_MType

CVE-2020-4049 WordPress self-XSS theme uploa

Reporter	Title	Published	Views	Family All 65
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server and IBM WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud	16 Jun 202013:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns	5 Jun 202018:40	–	ibm
BDU FSTEC	The vulnerability of the WordPress website content management system allows for bypassing authentication processes through alternative pathways or channels. This enables attackers to access sensitive data, compromise its integrity, and cause service interruptions.	19 Aug 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the WordPress website content management system lies in the lack of measures to eliminate script-related HTML tags on web pages, allowing attackers to compromise data integrity.	19 Aug 202000:00	–	bdu_fstec
CVE	CVE-2020-4049	12 Jun 202016:00	–	cve
Debian	[SECURITY] [DLA 2269-1] wordpress security update	1 Jul 202012:23	–	debian
Debian	[SECURITY] [DLA 2371-1] wordpress security update	11 Sep 202014:42	–	debian
Debian	[SECURITY] [DSA 4709-1] wordpress security update	23 Jun 202014:17	–	debian
Debian	[SECURITY] [DSA 4709-1] wordpress security update	23 Jun 202014:17	–	debian
Debian CVE	CVE-2020-4049	12 Jun 202016:00	–	debiancve

[
  {
    "product": "wordpress-develop",
    "vendor": "WordPress",
    "versions": [
      {
        "status": "affected",
        "version": ">= 5.4.0, < 5.4.2"
      },
      {
        "status": "affected",
        "version": ">= 5.3.0, < 5.3.4"
      },
      {
        "status": "affected",
        "version": ">= 5.2.0, < 5.2.7"
      },
      {
        "status": "affected",
        "version": ">= 5.1.0, < 5.1.6"
      },
      {
        "status": "affected",
        "version": ">= 5.0.0, < 5.0.10"
      },
      {
        "status": "affected",
        "version": ">= 4.9.0, < 4.9.15"
      },
      {
        "status": "affected",
        "version": ">= 4.8.0, < 4.8.14"
      },
      {
        "status": "affected",
        "version": ">= 4.7.0, < 4.7.18"
      },
      {
        "status": "affected",
        "version": ">= 4.6.0, < 4.6.19"
      },
      {
        "status": "affected",
        "version": ">= 4.5.0, < 4.5.22"
      },
      {
        "status": "affected",
        "version": ">= 4.4.0, < 4.4.23"
      },
      {
        "status": "affected",
        "version": ">= 4.3.0, < 4.3.24"
      },
      {
        "status": "affected",
        "version": ">= 4.2.0, < 4.2.28"
      },
      {
        "status": "affected",
        "version": ">= 4.1.0, < 4.1.31"
      },
      {
        "status": "affected",
        "version": ">= 4.0.0, < 4.0.31"
      },
      {
        "status": "affected",
        "version": ">= 3.9.0, < 3.9.32"
      },
      {
        "status": "affected",
        "version": ">= 3.8.0, < 3.8.34"
      },
      {
        "status": "affected",
        "version": ">= 3.7.0, < 3.7.34"
      }
    ]
  }
]

Source	Link
github	www.github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357/
debian	www.debian.org/security/2020/dsa-4709
github	www.github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN/
lists	www.lists.debian.org/debian-lts-announce/2020/07/msg00000.html
wordpress	www.wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
lists	www.lists.debian.org/debian-lts-announce/2020/09/msg00011.html

11 Sep 2020 16:06Current

5.1Medium risk

Vulners AI Score5.1

CVSS 3.12.4

EPSS0.05886

CWE-80