CVE-2020-11026
HIGH severity · CVSS 8.7 · CWE-707
8.7CVSS HIGH
Summary
In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredLow
User interactionRequired
Confidentiality impactHigh
Integrity impactHigh
Availability impactNone
Exploit probability (EPSS)2%
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updatesAdvisory
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2Advisory
- https://lists.debian.org/debian-lts-announce/2020/05/msg00011.htmlAdvisory
- https://www.debian.org/security/2020/dsa-4677Advisory