According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A deserialization vulnerability exists in the Requests_Utility_FilteredIterator class.
- A cross-site scripting (XSS) vulnerability exists via global variables and post slugs.
- A denial of service vulnerability exists against the MySQL database.
- Two privilege escalation vulnerabilities exist in XML-RPC.
- An arbitrary file deletion vulnerability exists via a bypass of protected meta.
- A cross-site request forgery (CSRF) vulnerability exists when updating a background image.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28032
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28033
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28034
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28035
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28040
wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
wordpress.org/support/wordpress-version/version-4-0-32/