CVE-2018-20147 — Incorrect Authorization in Wordpress

Severity

6.5MEDIUMNVD

EPSS

5.8%

top 9.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 14

Latest updateMay 13

Description

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

▶debiandebian/wordpress< wordpress 5.0.1+dfsg1-1 (bookworm)

▶NVDwordpress/wordpress5.0 — 5.0.1+1

▶Debianwordpress/wordpress< 5.0.1+dfsg1-1+3

Also affects: Debian Linux 8.0, 9.0

GHSA

GHSA-ww63-9p7h-rc9v: In WordPress before 4↗2022-05-13

▶

OSV

CVE-2018-20147: In WordPress before 4↗2018-12-14

▶

Debian

CVE-2018-20147: wordpress - In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to...↗2018

▶