Lucene search

PRIOn knowledge basePRION:CVE-2020-11025

HistoryApr 30, 2020 - 10:15 p.m.

Cross site scripting

2020-04-3022:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

CPENameOperatorVersion
debian_linuxeq9.0
debian_linuxeq10.0
wordpressge4.7
wordpresslt5.4.1

Name	Operator	Version
debian_linux	eq	9.0
debian_linux	eq	10.0
wordpress	ge	4.7
wordpress	lt	5.4.1

References

github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c

wordpress.org/support/wordpress-version/version-5-4-1/

www.debian.org/security/2020/dsa-4677