According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities :
A cross-site scripting (XSS) vulnerability exist in the block editor.
A cross-site scripting (XSS) vulnerability exist in media files.
An open redirect vulnerability exists in wp_validate_redirect().
A cross-site scripting (XSS) vulnerability exist in theme uploads.
A privilege escalation vulnerability exists in set-screen-option.
An authorization bypass vulnerability exists in password-protected posts and pages.
Note that the scanner has not tested for these issues but has instead relied only on the applicationβs self-reported version number.
No source data
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25286
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4050
wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
wordpress.org/support/wordpress-version/version-5-0-10/