CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2020-26596 – Elementor Pro <= 3.0.5 - Authenticated Remote Code Execution in Dynamic OOO Widget
https://notcve.org/view.php?id=CVE-2020-26596
The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO widget or by restricting availability of the Editor role. El widget Dynamic OOO para el plugin Elementor Pro versiones hasta 3.0.5 para WordPress, permite a usuarios autenticados remotos ejecutar código arbitrario porque solo se necesita el rol Editor para cargar código PHP ejecutable por medio del fragmento PHP Raw. NOTA: este problema se puede mitigar eliminando el widget Dynamic OOO o restringiendo la disponibilidad del rol Editor • https://elementor.com/pro/changelog https://ww2.compunet.cl/dia-cero-en-plugin-de-wordpres-detectada-compunet-redteam • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25286 – WordPress Core < 5.4.2 - Comment Disclosure
https://notcve.org/view.php?id=CVE-2020-25286
In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. En el archivo wp-includes/comment-template.php en WordPress versiones anteriores a 5.4.2, los comentarios de una publicación o página podrían algunas veces ser vistos en los últimos comentarios, inclusive si la publicación o la página no eran públicas • https://core.trac.wordpress.org/changeset/47984 https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11030 – Cross-site scripting (XSS) in Search block in WordPress
https://notcve.org/view.php?id=CVE-2020-11030
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). En las versiones afectadas de WordPress, puede ser diseñada una carga útil especial que puede conllevar a que los scripts sean ejecutados dentro del bloque de búsqueda del editor de bloques. Esto requiere un usuario autenticado con la capacidad de agregar contenido. • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-11028 – Unauthenticated disclosure of certain private posts in WordPress
https://notcve.org/view.php?id=CVE-2020-11028
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). En las versiones afectadas de WordPress, algunas publicaciones privadas, que anteriormente eran públicas, pueden resultar en una divulgación no autenticada bajo un conjunto específico de condiciones. Esto ha sido corregido en la versión 5.4.1, junto con todas las versiones afectadas anteriormente mediante una versión menor (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates https://www.debian.org/security/2020/dsa-4677 • CWE-284: Improper Access Control CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-20041 – WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-20041
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring. La función wp_kses_bad_protocol en el archivo wp-includes/kses.php en WordPress versiones anteriores a la versión 5.3.1, maneja inapropiadamente la entidad llamada HTML5 colon, permitiendo a atacantes omitir el saneamiento de entrada, como es demostrado por la subcadena javascript&colon. • https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53 https://lists.debian.org/debian-lts-announce/2020/01/msg00010.html https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •