Multiple vulnerabilities in WordPress



Published: 2020-06-12 | Updated: 2020-07-06
Risk Low
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2020-4046
CVE-2020-4047
CVE-2020-4049
CVE-2020-4048
CVE-2020-4050
CWE-ID CWE-79
CWE-601
CWE-264
CWE-284
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
WordPress
Web applications / CMS

Vendor WordPress.ORG

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

Updated 22.06.2020
Assigned CVE-ID number for vulnerabilities 2, 4 and 5.

Updated: 06.07.2020

Assigned CVE-IDs to vulnerabilities #1 and #3.

1) Cross-site scripting

EUVDB-ID: #VU29004

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4046

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user is able to add JavaScript to posts in the block editor and execute arbitrary script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WordPress: 3.0 - 3.0.6, 3.1 - 3.1.4, 3.2 - 3.2.1, 3.3 - 3.3.3, 3.4 - 3.4.2, 3.5 - 3.5.2, 3.6 - 3.6.1, 3.7 - 3.7.33, 3.8 - 3.8.33, 3.9 - 3.9.31, 4.0 - 4.0.30, 4.1 - 4.1.30, 4.2 - 4.2.27, 4.3.0 - 4.3.23, 4.4 - 4.4.22, 4.5 - 4.5.21, 4.6 - 4.6.18, 4.7 - 4.7.17, 4.8 - 4.8.13, 4.9 - 4.9.14, 5.0 - 5.0.9, 5.1 - 5.1.5, 5.2 - 5.2.6, 5.3 - 5.3.3, 5.4 - 5.4.1


CPE2.3 External links

http://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cross-site scripting

EUVDB-ID: #VU29005

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4047

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user with upload permissions is able to add JavaScript to media files and execute arbitrary script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WordPress: 3.0 - 3.0.6, 3.1 - 3.1.4, 3.2 - 3.2.1, 3.3 - 3.3.3, 3.4 - 3.4.2, 3.5 - 3.5.2, 3.6 - 3.6.1, 3.7 - 3.7.33, 3.8 - 3.8.33, 3.9 - 3.9.31, 4.0 - 4.0.30, 4.1 - 4.1.30, 4.2 - 4.2.27, 4.3.0 - 4.3.23, 4.4 - 4.4.22, 4.5 - 4.5.21, 4.6 - 4.6.18, 4.7 - 4.7.17, 4.8 - 4.8.13, 4.9 - 4.9.14, 5.0 - 5.0.9, 5.1 - 5.1.5, 5.2 - 5.2.6, 5.3 - 5.3.3, 5.4 - 5.4.1


CPE2.3 External links

http://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
http://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cross-site scripting

EUVDB-ID: #VU29006

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4049

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data via theme uploads. A remote user can execute arbitrary script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WordPress: 3.0 - 3.0.6, 3.1 - 3.1.4, 3.2 - 3.2.1, 3.3 - 3.3.3, 3.4 - 3.4.2, 3.5 - 3.5.2, 3.6 - 3.6.1, 3.7 - 3.7.33, 3.8 - 3.8.33, 3.9 - 3.9.31, 4.0 - 4.0.30, 4.1 - 4.1.30, 4.2 - 4.2.27, 4.3.0 - 4.3.23, 4.4 - 4.4.22, 4.5 - 4.5.21, 4.6 - 4.6.18, 4.7 - 4.7.17, 4.8 - 4.8.13, 4.9 - 4.9.14, 5.0 - 5.0.9, 5.1 - 5.1.5, 5.2 - 5.2.6, 5.3 - 5.3.3, 5.4 - 5.4.1


CPE2.3 External links

http://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
http://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Open redirect

EUVDB-ID: #VU29007

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4048

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data to wp_validate_redirect(). A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WordPress: 3.0 - 3.0.6, 3.1 - 3.1.4, 3.2 - 3.2.1, 3.3 - 3.3.3, 3.4 - 3.4.2, 3.5 - 3.5.2, 3.6 - 3.6.1, 3.7 - 3.7.33, 3.8 - 3.8.33, 3.9 - 3.9.31, 4.0 - 4.0.30, 4.1 - 4.1.30, 4.2 - 4.2.27, 4.3.0 - 4.3.23, 4.4 - 4.4.22, 4.5 - 4.5.21, 4.6 - 4.6.18, 4.7 - 4.7.17, 4.8 - 4.8.13, 4.9 - 4.9.14, 5.0 - 5.0.9, 5.1 - 5.1.5, 5.2 - 5.2.6, 5.3 - 5.3.3, 5.4 - 5.4.1


CPE2.3 External links

http://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
http://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5
http://github.com/WordPress/WordPress/commit/10e2a50c523cf0b9785555a688d7d36a40fbeccf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU29008

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4050

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass where set-screen-option can be misused by plugins. A remote attacker can escalate privileges within the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WordPress: 3.0 - 3.0.6, 3.1 - 3.1.4, 3.2 - 3.2.1, 3.3 - 3.3.3, 3.4 - 3.4.2, 3.5 - 3.5.2, 3.6 - 3.6.1, 3.7 - 3.7.33, 3.8 - 3.8.33, 3.9 - 3.9.31, 4.0 - 4.0.30, 4.1 - 4.1.30, 4.2 - 4.2.27, 4.3.0 - 4.3.23, 4.4 - 4.4.22, 4.5 - 4.5.21, 4.6 - 4.6.18, 4.7 - 4.7.17, 4.8 - 4.8.13, 4.9 - 4.9.14, 5.0 - 5.0.9, 5.1 - 5.1.5, 5.2 - 5.2.6, 5.3 - 5.3.3, 5.4 - 5.4.1


CPE2.3 External links

http://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
http://github.com/WordPress/WordPress/commit/dda0ccdd18f6532481406cabede19ae2ed1f575d
http://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper access control

EUVDB-ID: #VU29009

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to  comments from password-protected posts and page.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

WordPress: 3.0 - 3.0.6, 3.1 - 3.1.4, 3.2 - 3.2.1, 3.3 - 3.3.3, 3.4 - 3.4.2, 3.5 - 3.5.2, 3.6 - 3.6.1, 3.7 - 3.7.33, 3.8 - 3.8.33, 3.9 - 3.9.31, 4.0 - 4.0.30, 4.1 - 4.1.30, 4.2 - 4.2.27, 4.3.0 - 4.3.23, 4.4 - 4.4.22, 4.5 - 4.5.21, 4.6 - 4.6.18, 4.7 - 4.7.17, 4.8 - 4.8.13, 4.9 - 4.9.14, 5.0 - 5.0.9, 5.1 - 5.1.5, 5.2 - 5.2.6, 5.3 - 5.3.3, 5.4 - 5.4.1


CPE2.3 External links

http://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
http://github.com/WordPress/WordPress/commit/c075eec24f2f3214ab0d0fb0120a23082e6b1122

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###