CVE-2018-20152 — Improper Input Validation in Wordpress

Severity

6.5MEDIUMNVD

EPSS

11.7%

top 6.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 14

Latest updateMay 14

Description

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

▶debiandebian/wordpress< wordpress 5.0.1+dfsg1-1 (bookworm)

▶NVDwordpress/wordpress5.0 — 5.0.1+1

▶Debianwordpress/wordpress< 5.0.1+dfsg1-1+3

Also affects: Debian Linux 8.0, 9.0

GHSA

GHSA-j4jj-c644-q3fc: In WordPress before 4↗2022-05-14

▶

OSV

CVE-2018-20152: In WordPress before 4↗2018-12-14

▶

Debian

CVE-2018-20152: wordpress - In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended re...↗2018

▶