is_blog_installed in wp-includes/functions.php in WordPress prior to 5.5.2 improperly determines whether WordPress is already installed, which might allow an malicious user to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |
||
debian debian linux 10.0 |