CVE-2020-11027
Published Apr 30, 2020
Last updated a year ago
Overview
- Description
- In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
- Source
- security-advisories@github.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFDCD9BA-05B3-4EE5-ABE7-A6DF77F1DEB4",
"versionEndExcluding": "3.7.33",
"versionStartIncluding": "3.7"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8BE6D23B-B8DA-4013-812D-329D765729B3",
"versionEndExcluding": "3.8.33",
"versionStartIncluding": "3.8"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B249947E-34C8-4319-A756-3095210C86BE",
"versionEndExcluding": "3.9.31",
"versionStartIncluding": "3.9"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "222FACD8-E13D-43F0-9EB8-D3837534BE61",
"versionEndExcluding": "4.0.30",
"versionStartIncluding": "4.0"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F37A9AE-0368-46E5-9163-0E77860D967E",
"versionEndExcluding": "4.1.30",
"versionStartIncluding": "4.1"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC97B598-CD50-4501-8368-97160D885596",
"versionEndExcluding": "4.2.27",
"versionStartIncluding": "4.2"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E071B431-86C3-4DD0-B7D6-7581E53E4398",
"versionEndExcluding": "4.3.23",
"versionStartIncluding": "4.3"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65D50EA1-08F5-4F17-B47D-2CABE77B7101",
"versionEndExcluding": "4.4.22",
"versionStartIncluding": "4.4"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE8BFCAE-36A9-4017-B484-766AA82A517B",
"versionEndExcluding": "4.5.21",
"versionStartIncluding": "4.5"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A44AAFC-3FB1-4FB9-BBE9-6FB8E553AC55",
"versionEndExcluding": "4.6.18",
"versionStartIncluding": "4.6"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C2F3EB4-8D53-4E73-99CB-6D4DB18862CB",
"versionEndExcluding": "4.7.17",
"versionStartIncluding": "4.7"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A2168FB-94B6-4B89-A205-B8806668C56C",
"versionEndExcluding": "4.8.13",
"versionStartIncluding": "4.8"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6B09641-582C-4BC9-B0A8-976CC4CB2F9C",
"versionEndExcluding": "4.9.14",
"versionStartIncluding": "4.9"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29C2D12B-4F1B-4473-A23B-C923FA1EF442",
"versionEndExcluding": "5.0.9",
"versionStartIncluding": "5.0"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E6ACD77-B8AA-40ED-8F43-F7AE245556FE",
"versionEndExcluding": "5.1.5",
"versionStartIncluding": "5.1"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AA6DEC1-5040-4D00-9A01-F2C0A2D071D3",
"versionEndExcluding": "5.2.6",
"versionStartIncluding": "5.2"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1FA1821-19B3-482D-BCA1-3F2E22A7B603",
"versionEndExcluding": "5.3.3",
"versionStartIncluding": "5.3"
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46EA68C0-B847-447C-BB19-1C440F0A761D"
}
],
"operator": "OR"
}
]
}
]