WordPress XSS Vulnerability in May 2020 for Windows
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
![]() | BIT-wordpress-multisite-2020-11030 | 6 Mar 2024 11:11 | – | osv |
![]() | BIT-wordpress-2020-11030 | 6 Mar 2024 11:12 | – | osv |
![]() | CVE-2020-11030 | 30 Apr 2020 23:15 | – | osv |
![]() | CVE-2020-11030 | 30 Apr 2020 23:15 | – | nvd |
![]() | WordPress XSS Vulnerability (May 2020) - Linux | 5 May 2020 00:00 | – | openvas |
![]() | Code injection | 30 Apr 2020 23:15 | – | prion |
![]() | CVE-2020-11030 | 30 Apr 2020 23:15 | – | debiancve |
![]() | CVE-2020-11030 | 30 Apr 2020 00:00 | – | ubuntucve |
![]() | CVE-2020-11030 Cross-site scripting (XSS) in Search block in WordPress | 30 Apr 2020 22:15 | – | cvelist |
![]() | Cross-site Scripting (XSS) | 6 May 2020 04:26 | – | veracode |
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# CPE of the product this check applies to; the detection logic later in the
# script uses it to look up the detected port, version and install location.
CPE = "cpe:/a:wordpress:wordpress";
# Metadata section: when the scanner loads the script in description mode it
# only registers the values below and exits; nothing here contacts the target.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.143821");
script_version("2024-02-08T05:05:59+0000");
script_tag(name:"last_modification", value:"2024-02-08 05:05:59 +0000 (Thu, 08 Feb 2024)");
script_tag(name:"creation_date", value:"2020-05-05 07:56:24 +0000 (Tue, 05 May 2020)");
# CVSS v2 base score and vector (Au:S = an authenticated attacker is required).
script_tag(name:"cvss_base", value:"3.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:N/I:P/A:N");
# CVSS v3.1 vector taken from NVD: low privileges (PR:L) and user interaction
# (UI:R) are required and the scope changes (S:C), which matches the
# "authenticated user with the ability to add content" wording in the insight tag.
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-08-18 15:05:00 +0000 (Tue, 18 Aug 2020)");
script_cve_id("CVE-2020-11030");
# remote_banner: the verdict is derived from the version string obtained by the
# detection script, not from exercising the flaw.
# NOTE(review): an install that hides or misreports its version, or carries a
# backported fix, can be missed or misflagged; confirm important findings on
# the host itself.
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("WordPress XSS Vulnerability (May 2020) - Windows");
# ACT_GATHER_INFO: this script is scheduled in the information-gathering category.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Web application abuses");
# The check depends on the WordPress HTTP detection and the OS detection and is
# skipped unless both keys exist (presumably set by those two scripts when
# WordPress was found and the host was identified as Windows).
script_dependencies("gb_wordpress_http_detect.nasl", "os_detection.nasl");
script_mandatory_keys("wordpress/detected", "Host/runs_windows");
script_tag(name:"summary", value:"WordPress is prone to a cross-site scripting vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"A special payload can be crafted that can lead to scripts getting executed
within the RSS and search block of the block editor. This requires an authenticated user with the ability to
add content.");
# Affected range and fixed release per branch; the version comparisons in the
# detection logic have to stay in sync with these two tags.
script_tag(name:"affected", value:"WordPress versions 5.2 - 5.4.");
script_tag(name:"solution", value:"Update to version 5.2.6, 5.3.3, 5.4.1 or later.");
script_xref(name:"URL", value:"https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
# Detection logic: compare the WordPress version recorded by the detection
# script against the three affected branches and report the matching fix.
# No request is sent to the target from here; the verdict rests on the
# previously detected version string only.

# Stop quietly when no port is registered for the WordPress CPE.
port = get_app_port(cpe: CPE);
if (!port)
  exit(0);

# Stop quietly when no version/location pair is available for that port.
infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE);
if (!infos)
  exit(0);

version = infos["version"];
location = infos["location"];

# Pick the fixed release of the branch the installed version belongs to:
# 5.2 - 5.2.5 -> 5.2.6, 5.3 - 5.3.2 -> 5.3.3, exactly 5.4 -> 5.4.1.
fix = NULL;
if (version_in_range(version: version, test_version: "5.2", test_version2: "5.2.5"))
  fix = "5.2.6";
else if (version_in_range(version: version, test_version: "5.3", test_version2: "5.3.2"))
  fix = "5.3.3";
else if (version_is_equal(version: version, test_version: "5.4"))
  fix = "5.4.1";

# A match produces one finding naming the installed version, the fixed
# version and the install path, then ends the script.
if (!isnull(fix)) {
  report = report_fixed_ver(installed_version: version, fixed_version: fix, install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

# No affected branch matched: end with status 99 (no finding reported).
exit(99);