CVE-2020-11029

Published Apr 30, 2020

Last updated 3 months ago

CVSS medium 5.8

Overview

Description: In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
Source: security-advisories@github.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

security-advisories@github.com: CWE-79
nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFDCD9BA-05B3-4EE5-ABE7-A6DF77F1DEB4",
            "versionEndExcluding": "3.7.33",
            "versionStartIncluding": "3.7"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BE6D23B-B8DA-4013-812D-329D765729B3",
            "versionEndExcluding": "3.8.33",
            "versionStartIncluding": "3.8"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B249947E-34C8-4319-A756-3095210C86BE",
            "versionEndExcluding": "3.9.31",
            "versionStartIncluding": "3.9"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "222FACD8-E13D-43F0-9EB8-D3837534BE61",
            "versionEndExcluding": "4.0.30",
            "versionStartIncluding": "4.0"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F37A9AE-0368-46E5-9163-0E77860D967E",
            "versionEndExcluding": "4.1.30",
            "versionStartIncluding": "4.1"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC97B598-CD50-4501-8368-97160D885596",
            "versionEndExcluding": "4.2.27",
            "versionStartIncluding": "4.2"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E071B431-86C3-4DD0-B7D6-7581E53E4398",
            "versionEndExcluding": "4.3.23",
            "versionStartIncluding": "4.3"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65D50EA1-08F5-4F17-B47D-2CABE77B7101",
            "versionEndExcluding": "4.4.22",
            "versionStartIncluding": "4.4"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE8BFCAE-36A9-4017-B484-766AA82A517B",
            "versionEndExcluding": "4.5.21",
            "versionStartIncluding": "4.5"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A44AAFC-3FB1-4FB9-BBE9-6FB8E553AC55",
            "versionEndExcluding": "4.6.18",
            "versionStartIncluding": "4.6"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C2F3EB4-8D53-4E73-99CB-6D4DB18862CB",
            "versionEndExcluding": "4.7.17",
            "versionStartIncluding": "4.7"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A2168FB-94B6-4B89-A205-B8806668C56C",
            "versionEndExcluding": "4.8.13",
            "versionStartIncluding": "4.8"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6B09641-582C-4BC9-B0A8-976CC4CB2F9C",
            "versionEndExcluding": "4.9.14",
            "versionStartIncluding": "4.9"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29C2D12B-4F1B-4473-A23B-C923FA1EF442",
            "versionEndExcluding": "5.0.9",
            "versionStartIncluding": "5.0"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E6ACD77-B8AA-40ED-8F43-F7AE245556FE",
            "versionEndExcluding": "5.1.5",
            "versionStartIncluding": "5.1"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AA6DEC1-5040-4D00-9A01-F2C0A2D071D3",
            "versionEndExcluding": "5.2.6",
            "versionStartIncluding": "5.2"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1FA1821-19B3-482D-BCA1-3F2E22A7B603",
            "versionEndExcluding": "5.3.3",
            "versionStartIncluding": "5.3"
          },
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46EA68C0-B847-447C-BB19-1C440F0A761D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References