CVSS: 8.1EPSS: 0%CPEs: 21EXPL: 1CVE-2020-11027 – Password reset links invalidation issue in WordPress
https://notcve.org/view.php?id=CVE-2020-11027
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). En las versiones afectadas de WordPress, un enlace de restablecimiento de contraseña enviado por correo electrónico a un usuario no caduca tras cambiar la contraseña del usuario. Se necesitaría el acceso a la cuenta de correo electrónico del usuario por una parte maliciosa para una ejecución con éxito. • https://www.exploit-db.com/exploits/51531 http://packetstormsecurity.com/files/173034/WordPress-Theme-Medic-1.0.0-Weak-Password-Recovery-Mechanism.html https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates https://www.debian.org/security/2020/dsa-4677 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-20041 – WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-20041
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring. La función wp_kses_bad_protocol en el archivo wp-includes/kses.php en WordPress versiones anteriores a la versión 5.3.1, maneja inapropiadamente la entidad llamada HTML5 colon, permitiendo a atacantes omitir el saneamiento de entrada, como es demostrado por la subcadena javascript&colon. • https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53 https://lists.debian.org/debian-lts-announce/2020/01/msg00010.html https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-20042 – WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-20042
In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. En wp-includes / formatting.php en WordPress 3.7 a 5.3.0, la función wp_targeted_link_rel () se puede usar de una manera particular para generar una vulnerabilidad de scripting entre sitios (XSS) almacenada. Esto se ha solucionado en WordPress 5.3.1, junto con todas las versiones anteriores de WordPress desde 3.7 a 5.3 a través de una versión menor. • https://blog.ripstech.com/filter/vulnerabilities https://core.trac.wordpress.org/changeset/46894/trunk https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7 https://hackerone.com/reports/509930 https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9975 https://www.debian.org&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-16780 – Stored cross-site scripting (XSS) in WordPress block editor
https://notcve.org/view.php?id=CVE-2019-16780
WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled. • https://github.com/WordPress/wordpress-develop/commit/505dd6a20b6fc3d06130018c1caeff764248c29e https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x3wp-h3qx-9w94 https://hackerone.com/reports/738644 https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9976 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-16781 – Stored cross-site scripting (XSS) in WordPress block editor
https://notcve.org/view.php?id=CVE-2019-16781
In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS. En WordPress versiones anteriores a 5.3.1, los usuarios autenticados con privilegios más bajos (como los contribuyentes) pueden inyectar código JavaScript en el editor de bloques, que es ejecutado dentro del panel. Puede conllevar a un administrador a abrir la publicación afectada en el editor conllevando a un ataque de tipo XSS. • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v https://hackerone.com/reports/731301 https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9976 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •