CVE-2020-25286 – WordPress Core < 5.4.2 - Comment Disclosure
https://notcve.org/view.php?id=CVE-2020-25286
In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. En el archivo wp-includes/comment-template.php en WordPress versiones anteriores a 5.4.2, los comentarios de una publicación o página podrían algunas veces ser vistos en los últimos comentarios, inclusive si la publicación o la página no eran públicas • https://core.trac.wordpress.org/changeset/47984 https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-4049 – Authenticated self-XSS via theme uploads in WordPress
https://notcve.org/view.php?id=CVE-2020-4049
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). En las versiones afectadas de WordPress, cuando se cargan temas, el nombre de la carpeta temas puede ser diseñada en una manera que podría conllevar a una ejecución de JavaScript en /wp-admin en la página temas. Esto requiere un administrador para cargar el tema, y ?? • https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2020-4050 – set-screen-option filter misuse by plugins leading to privilege escalation in WordPress
https://notcve.org/view.php?id=CVE-2020-4050
In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). En las versiones afectadas de WordPress, el uso incorrecto del valor de retorno del filtro "set-screen-option", permite que campos meta arbitrarios del usuario sean guardados. • https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2020-4046 – Authenticated XSS through embed block in WordPress
https://notcve.org/view.php?id=CVE-2020-4046
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). En las versiones afectadas de WordPress, los usuarios con pocos privilegios (como colaboradores y autores) pueden usar el bloque incorporado de determinada manera para inyectar HTML no filtrado en el editor de bloques. Cuando las publicaciones afectadas son vistas por un usuario con mayores privilegios, esto podría conllevar a una ejecución de script en el archivo editor/wp-admin. • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release https://www.debian.org/security/2020/dsa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2020-4047 – Authenticated XSS via media attachment page in WordPress
https://notcve.org/view.php?id=CVE-2020-4047
In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). En las versiones afectadas de WordPress, los usuarios autenticados con permisos de carga (como los autores) pueden inyectar JavaScript en algunas páginas de archivos adjuntos multimedia de determinada manera. Esto puede conllevar a una ejecución de script en el contexto de un usuario con mayores privilegios cuando el archivo es visualizado por ellos. • https://github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27 https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •