Vulmon Recent Vulnerabilities Trends Blog About Contact
4.3
CVSSv2

CVE-2020-28040

Published: 02/11/2020 Updated: 11/11/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Wordpress

Vulnerability Summary

WordPress prior to 5.5.2 allows CSRF attacks that change a theme's background image.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

Vendor Advisories

Arch Linux Issues:
WordPress before 552 allows CSRF attacks that change a theme's background image ...
Debian CVElist Bug Report Logs: wordpress: Wordpress 5.5.2 security release
Debian Bug report logs - #973562 wordpress: Wordpress 552 security release Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Craig Small <csmall@debianorg> Date: Sun, 1 Nov 2020 21:03:02 UTC Severity: importan ...
Debian Security Advisories: DSA-4784-1 wordpress -- security update
Several vulnerabilities were discovered in Wordpress, a web blogging tool They allowed remote attackers to run insecure deserialization, embed spam, perform various Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks, escalate privileges, run arbitrary code, and delete arbitrary files For the stable distribution (buster), thes ...
Arch Linux Advisories: [ASA-202011-3] wordpress: multiple issues
Arch Linux Security Advisory ASA-202011-3 ========================================= Severity: Critical Date : 2020-11-03 CVE-ID : CVE-2020-28032 CVE-2020-28033 CVE-2020-28034 CVE-2020-28035 CVE-2020-28036 CVE-2020-28037 CVE-2020-28038 CVE-2020-28039 CVE-2020-28040 Package : wordpress Type : multiple issues Remote : Yes ...

Github Repositories

NVD-NIST-Parser

NVD-NIST Parser is a parser service. It parses to NVD source and information to you about your product vulnerabilities.

NVD-NIST Parser NVD-NIST Parser is a parser service It parses to NVD source and information to you about your product vulnerabilities Get all affected vulnerabilities of your product Get vulnerabilitiy detail Simple usage: Now it service has only 2 endpoint One of provides to get all vulnerabilities of your product Request url : /api/GetAllVulnerabilities?vendorName=wor

References

CWE-352https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.htmlhttps://lists.debian.org/debian-lts-announce/2020/11/msg00004.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/https://www.debian.org/security/2020/dsa-4784https://nvd.nist.govhttps://github.com/recepkizilarslan/NVD-NIST-Parserhttps://security.archlinux.org/CVE-2020-28040https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973562
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-25175template injectionspoofCVE-2021-21251physicalCVE-2020-28482CVE-2021-1682CVE-2021-0208CVE-2021-3113