Lucene search
GoogleOSV:CVE-2020-11026HistoryApr 30, 2020 - 11:15 p.m.
CVE-2020-11026
2020-04-3023:15:11
Google
osv.dev
3
In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
Related
ubuntucve
ubuntucve
CVE-2020-11026
2020-04-30 00:00:00
nvd
nvd
CVE-2020-11026
2020-04-30 23:15:11
prion
prion
Code injection
2020-04-30 23:15:00
debiancve
debiancve
CVE-2020-11026
2020-04-30 23:15:11
cvelist
cvelist
CVE-2020-11026 Specially crafted filenames in WordPress leading to XSS
2020-04-30 22:15:32
cve
cve
CVE-2020-11026
2020-04-30 23:15:11
osv
osv
BIT-wordpress-multisite-2020-11026
2024-03-06 11:12:06
BIT-wordpress-2020-11026
2024-03-06 11:12:14
wordpress - security update
2020-05-10 00:00:00
hackerone
hackerone
WordPress: XSS via unicode characters in upload filename
2016-11-02 17:06:33
wpvulndb
wpvulndb
WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File Uploads
2020-04-29 00:00:00
redhatcve
redhatcve
CVE-2020-11026
2022-05-20 23:46:49
openvas
openvas
WordPress Multiple Vulnerabilities (May 2020) - Linux
2020-05-05 00:00:00
WordPress Multiple Vulnerabilities (May 2020) - Windows
2020-05-05 00:00:00
Debian: Security Advisory (DLA-2208-1)
2020-05-12 00:00:00
nessus
nessus
Debian DLA-2208-1 : wordpress security update
2020-05-12 00:00:00
Debian DSA-4677-1 : wordpress - security update
2020-05-07 00:00:00
debian
debian
[SECURITY] [DLA 2208-1] wordpress security update
2020-05-11 13:43:12
[SECURITY] [DSA 4677-1] wordpress security update
2020-05-06 06:30:09
[SECURITY] [DSA 4677-1] wordpress security update
2020-05-06 06:30:09