CVE-2020-11029 – Cross-site scripting in stats method (object cache) in WordPress
https://notcve.org/view.php?id=CVE-2020-11029
In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). En las versiones afectadas de WordPress, una vulnerabilidad en el método stats() del archivo class-wp-object-cache.php puede ser explotada para ejecutar un ataque de tipo cross-site scripting (XSS). Esto ha sido corregido en la versión 5.4.1, junto con todas las versiones afectadas anteriormente mediante una versión menor (versiones 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-11027 – Password reset links invalidation issue in WordPress
https://notcve.org/view.php?id=CVE-2020-11027
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). En las versiones afectadas de WordPress, un enlace de restablecimiento de contraseña enviado por correo electrónico a un usuario no caduca tras cambiar la contraseña del usuario. Se necesitaría el acceso a la cuenta de correo electrónico del usuario por una parte maliciosa para una ejecución con éxito. • https://www.exploit-db.com/exploits/51531 http://packetstormsecurity.com/files/173034/WordPress-Theme-Medic-1.0.0-Weak-Password-Recovery-Mechanism.html https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates https://www.debian.org/security/2020/dsa-4677 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password CWE-672: Operation on a Resource after Expiration or Release •
CVE-2020-11028 – Unauthenticated disclosure of certain private posts in WordPress
https://notcve.org/view.php?id=CVE-2020-11028
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). En las versiones afectadas de WordPress, algunas publicaciones privadas, que anteriormente eran públicas, pueden resultar en una divulgación no autenticada bajo un conjunto específico de condiciones. Esto ha sido corregido en la versión 5.4.1, junto con todas las versiones afectadas anteriormente mediante una versión menor (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates https://www.debian.org/security/2020/dsa-4677 • CWE-284: Improper Access Control CWE-306: Missing Authentication for Critical Function •
CVE-2020-11025 – Authenticated cross-site scripting (XSS) in WordPress Customizer
https://notcve.org/view.php?id=CVE-2020-11025
In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). En las versiones afectadas de WordPress, una vulnerabilidad de tipo cross-site scripting (XSS) en la sección de navegación de Customizer permite que un código JavaScript sea ejecutado. La explotación requiere un usuario autenticado. • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-11030 – Cross-site scripting (XSS) in Search block in WordPress
https://notcve.org/view.php?id=CVE-2020-11030
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). En las versiones afectadas de WordPress, puede ser diseñada una carga útil especial que puede conllevar a que los scripts sean ejecutados dentro del bloque de búsqueda del editor de bloques. Esto requiere un usuario autenticado con la capacidad de agregar contenido. • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •