CVE-2020-11030 — Improper Neutralization in Wordpress
Severity
5.4MEDIUMNVD
EPSS
1.0%
top 22.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 30
Latest updateMay 5
Description
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7
Affected Packages4 packages
Also affects: Debian Linux 10.0, 9.0
🔴Vulnerability Details
1OSV▶
CVE-2020-11030: In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block edi↗2020-04-30
📋Vendor Advisories
1Debian▶
CVE-2020-11030: wordpress - In affected versions of WordPress, a special payload can be crafted that can lea...↗2020
💬Community
3Bugzilla▶
CVE-2020-11030 wordpress: special crafted payload can lead to scripts getting executed within the search block of the block editor↗2020-05-05
Bugzilla▶
CVE-2020-11030 wordpress: special crafted payload can lead to scripts getting executed within the search block of the block editor [epel-6]↗2020-05-05
Bugzilla▶
CVE-2020-11030 wordpress: special crafted payload can lead to scripts getting executed within the search block of the block editor [epel-7]↗2020-05-05