SB2020042920 - Multiple vulnerabilities in WordPress
Published: April 29, 2020 Updated: October 25, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 vulnerabilities.
1) Weak Password Recovery Mechanism for Forgotten Password (CVE-ID: CVE-2020-11027)
CWE-ID: CWE-640 - Weak password recovery mechanism
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
The vulnerability allows a remote attacker to compromise user accounts.
The vulnerability exists due to password reset token is not correctly invalidated. A remote attacker can abuse such behavior to take over another user account.
Successful exploitation of the vulnerability may allows an attacker to gain full access to the affected website.
2) Improper access control (CVE-ID: CVE-2020-11028)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions to certain private posts. A remote non-authenticated attacker can bypass implemented security restrictions and read private posts.
3) Cross-site scripting (CVE-ID: CVE-2020-11025)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in Customizer. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
4) Cross-site scripting (CVE-ID: CVE-2020-11030)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the search block. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
5) Cross-site scripting (CVE-ID: CVE-2020-11029)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in wp-object-cache. A remote attacker can execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
6) Cross-site scripting (CVE-ID: CVE-2020-11026)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in file uploads. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
7) Stored cross-site scripting (CVE-ID: N/A)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the WordPress customizer. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
8) Information disclosure (CVE-ID: CVE-2020-25286)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to potentially sensitive data.
The
vulnerability exists due to improper access restrictions in
wp-includes/comment-template.php, as comments from a post or page could
sometimes be seen in the latest
comments even if the post or page was not public. A remote attacker can
gain access to sensitive information.
Remediation
Install update from vendor's website.
References
- https://wordpress.org/news/2020/04/wordpress-5-4-1/
- https://wpvulndb.com/vulnerabilities/10201/
- https://core.trac.wordpress.org/changeset/47634/
- https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw
- https://wpvulndb.com/vulnerabilities/10202/
- https://core.trac.wordpress.org/changeset/47635/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w
- https://wpvulndb.com/vulnerabilities/10203/
- https://core.trac.wordpress.org/changeset/47633/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c
- https://wpvulndb.com/vulnerabilities/10204/
- https://core.trac.wordpress.org/changeset/47636/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh
- https://wpvulndb.com/vulnerabilities/10205/
- https://core.trac.wordpress.org/changeset/47637/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c
- https://wpvulndb.com/vulnerabilities/10206/
- https://core.trac.wordpress.org/changeset/47638/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2
- https://core.trac.wordpress.org/changeset/47984
- https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/