CVSS2: 6 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3: 3.5 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

EPSS: 0.001 Low
Percentile: 41.8%

In affected versions of WordPress, misuse of the set-screen-option
filter's return value allows arbitrary user meta fields to be saved.
Exploitation requires an admin to install a plugin that misuses the filter.
Once such a plugin is installed, the issue can be leveraged by low-privileged
users. This has been patched in version 5.4.2, along with all the previously
affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15,
4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31,
3.9.32, 3.8.34, 3.7.34).
core.trac.wordpress.org/changeset/47951
github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
launchpad.net/bugs/cve/CVE-2020-4050
nvd.nist.gov/vuln/detail/CVE-2020-4050
security-tracker.debian.org/tracker/CVE-2020-4050
wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
www.cve.org/CVERecord?id=CVE-2020-4050