SB2020042920 - Multiple vulnerabilities in WordPress
Published: April 29, 2020 Updated: October 25, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Weak Password Recovery Mechanism for Forgotten Password (CVE-ID: CVE-2020-11027)
The vulnerability allows a remote attacker to compromise user accounts.
The vulnerability exists due to password reset token is not correctly invalidated. A remote attacker can abuse such behavior to take over another user account.
Successful exploitation of the vulnerability may allows an attacker to gain full access to the affected website.
2) Improper access control (CVE-ID: CVE-2020-11028)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions to certain private posts. A remote non-authenticated attacker can bypass implemented security restrictions and read private posts.
3) Cross-site scripting (CVE-ID: CVE-2020-11025)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in Customizer. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
4) Cross-site scripting (CVE-ID: CVE-2020-11030)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the search block. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
5) Cross-site scripting (CVE-ID: CVE-2020-11029)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in wp-object-cache. A remote attacker can execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
6) Cross-site scripting (CVE-ID: CVE-2020-11026)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in file uploads. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
7) Stored cross-site scripting (CVE-ID: N/A)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the WordPress customizer. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
8) Information disclosure (CVE-ID: CVE-2020-25286)
The vulnerability allows a remote attacker to gain access to potentially sensitive data.
The
vulnerability exists due to improper access restrictions in
wp-includes/comment-template.php, as comments from a post or page could
sometimes be seen in the latest
comments even if the post or page was not public. A remote attacker can
gain access to sensitive information.
Remediation
Install update from vendor's website.
References
- https://wordpress.org/news/2020/04/wordpress-5-4-1/
- https://wpvulndb.com/vulnerabilities/10201/
- https://core.trac.wordpress.org/changeset/47634/
- https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw
- https://wpvulndb.com/vulnerabilities/10202/
- https://core.trac.wordpress.org/changeset/47635/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w
- https://wpvulndb.com/vulnerabilities/10203/
- https://core.trac.wordpress.org/changeset/47633/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c
- https://wpvulndb.com/vulnerabilities/10204/
- https://core.trac.wordpress.org/changeset/47636/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh
- https://wpvulndb.com/vulnerabilities/10205/
- https://core.trac.wordpress.org/changeset/47637/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c
- https://wpvulndb.com/vulnerabilities/10206/
- https://core.trac.wordpress.org/changeset/47638/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2
- https://core.trac.wordpress.org/changeset/47984
- https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/