Lucene search
RyanWPVDB-ID:55438B63-5FC9-4812-AFC4-2F1EFF800D5FHistoryApr 29, 2020 - 12:00 a.m.
WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File Uploads
2020-04-2900:00:00
Ryan
wpscan.com
18
0.003 Low
EPSS
Percentile
70.5%
Authenticated users with the capability to upload files could upload files with specially crafted names containing utf8 characters to execute JavaScript when later viewed.
References
core.trac.wordpress.org/changeset/47638/
github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2
hackerone.com/reports/179695
wordpress.org/news/2020/04/wordpress-5-4-1/
www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
Related
ubuntucve
ubuntucve
CVE-2020-11026
2020-04-30 00:00:00
nvd
nvd
CVE-2020-11026
2020-04-30 23:15:11
prion
prion
Code injection
2020-04-30 23:15:00
debiancve
debiancve
CVE-2020-11026
2020-04-30 23:15:11
cvelist
cvelist
CVE-2020-11026 Specially crafted filenames in WordPress leading to XSS
2020-04-30 22:15:32
cve
cve
CVE-2020-11026
2020-04-30 23:15:11
osv
osv
BIT-wordpress-multisite-2020-11026
2024-03-06 11:12:06
CVE-2020-11026
2020-04-30 23:15:11
BIT-wordpress-2020-11026
2024-03-06 11:12:14
hackerone
hackerone
WordPress: XSS via unicode characters in upload filename
2016-11-02 17:06:33
redhatcve
redhatcve
CVE-2020-11026
2022-05-20 23:46:49
openvas
openvas
WordPress Multiple Vulnerabilities (May 2020) - Linux
2020-05-05 00:00:00
WordPress Multiple Vulnerabilities (May 2020) - Windows
2020-05-05 00:00:00
Debian: Security Advisory (DLA-2208-1)
2020-05-12 00:00:00
nessus
nessus
Debian DLA-2208-1 : wordpress security update
2020-05-12 00:00:00
Debian DSA-4677-1 : wordpress - security update
2020-05-07 00:00:00
debian
debian
[SECURITY] [DLA 2208-1] wordpress security update
2020-05-11 13:43:12
[SECURITY] [DSA 4677-1] wordpress security update
2020-05-06 06:30:09
[SECURITY] [DSA 4677-1] wordpress security update
2020-05-06 06:30:09