CVE-2020-4050

Severity

CVSS v3: 3.1 LOW
CVSS v2: 6 MEDIUM

Description

In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. Exploitation requires an administrator to install a plugin that misuses the filter; once such a plugin is installed, low-privileged users can leverage the flaw. This has been patched in version 5.4.2, and in all previously affected branches via minor releases (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

Configurations

CPE 2.3                                             Version Start      Version End   Exact Version
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       3.7 (including)    3.7.34        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       3.8 (including)    3.8.34        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       3.9 (including)    3.9.32        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       4.0 (including)    4.0.31        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       4.1 (including)    4.1.31        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       4.2 (including)    4.2.28        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       4.3 (including)    4.3.24        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       4.4 (including)    4.4.23        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       4.5 (including)    4.5.22        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       4.6 (including)    4.6.19        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       4.7 (including)    4.7.18        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       4.8 (including)    4.8.14        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       4.9 (including)    4.9.15        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       5.0 (including)    5.0.10        *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       5.1 (including)    5.1.6         *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       5.2 (including)    5.2.7         *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       5.3.0 (including)  5.3.4         *
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*       5.4 (including)    5.4.2         *
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*     n/a                n/a           31
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*     n/a                n/a           32
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*     n/a                n/a           8.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*     n/a                n/a           9.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*    n/a                n/a           10.0