CVE-2020-11028

🗓️ 30 Apr 2020 23:15:00Reported by ubuntu.comType

Affected WordPress versions may lead to unauthenticated disclosure of private posts. Patched in version 5.4.1 and minor releases for all previously affected versions

Reporter	Title	Published	Views	Family All 67
BDU FSTEC	The vulnerability of the parse_query method (class-wp-query.php) in the WordPress content management system allows a hacker to access confidential data.	14 Aug 202000:00	–	bdu_fstec
CNVD	WordPress Access Control Error Vulnerability	7 May 202000:00	–	cnvd
CVE	CVE-2020-11028	30 Apr 202022:15	–	cve
Cvelist	CVE-2020-11028 Unauthenticated disclosure of certain private posts in WordPress	30 Apr 202022:15	–	cvelist
Debian	[SECURITY] [DLA 2208-1] wordpress security update	11 May 202013:43	–	debian
Debian	[SECURITY] [DSA 4677-1] wordpress security update	6 May 202006:30	–	debian
Debian	[SECURITY] [DSA 4677-1] wordpress security update	6 May 202006:30	–	debian
Debian CVE	CVE-2020-11028	30 Apr 202022:15	–	debiancve
Tenable Nessus	Debian DLA-2208-1 : wordpress security update	12 May 202000:00	–	nessus
Tenable Nessus	Debian DSA-4677-1 : wordpress - security update	7 May 202000:00	–	nessus

OS	OS Version	Architecture	Package	Filename
Ubuntu	22.04	any	wordpress	wordpress_0_any.deb
Ubuntu	18.04	any	wordpress	wordpress_0_any.deb
Ubuntu	20.04	any	wordpress	wordpress_0_any.deb
Ubuntu	24.04	any	wordpress	wordpress_0_any.deb
Ubuntu	25.10	any	wordpress	wordpress_0_any.deb
Ubuntu	26.04	any	wordpress	wordpress_0_any.deb

Source	Link
github	www.github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w
wordpress	www.wordpress.org/support/wordpress-version/version-5-4-1/
cve	www.cve.org/CVERecord

11 Jul 2025 07:43Current

7High risk

Vulners AI Score7

CVSS 24.3

CVSS 3.15.8 - 7.5

EPSS0.02334