CVE-2020-11026 (GCVE-0-2020-11026)
Vulnerability from cvelistv5
Published
2020-04-30 22:15
Modified
2024-08-04 11:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-707 - Improper Neutralization
Summary
In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WordPress | WordPress |
Version: >= 5.4.0, < 5.4.1 Version: >= 5.3.0, < 5.3.3 Version: >= 5.2.0, < 5.2.6 Version: >= 5.1.0, < 5.1.5 Version: >= 5.0.0, < 5.0.9 Version: >= 4.9.0, < 4.9.14 Version: >= 4.8.0, < 4.8.13 Version: >= 4.7.0, < 4.7.17 Version: >= 4.6.0, < 4.6.18 Version: >= 4.5.0, < 4.5.21 Version: >= 4.4.0, < 4.4.22 Version: >= 4.3.0, < 4.3.23 Version: >= 4.2.0, < 4.2.27 Version: >= 4.1.0, < 4.1.30 Version: >= 4.0.0, < 4.0.30 Version: >= 3.9.0, < 3.9.31 Version: >= 3.8.0, < 3.8.33 Version: >= 3.7.0, < 3.7.33 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2"
},
{
"name": "DSA-4677",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4677"
},
{
"name": "[debian-lts-announce] 20200511 [SECURITY] [DLA 2208-1] wordpress security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WordPress",
"vendor": "WordPress",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.4.0, \u003c 5.4.1"
},
{
"status": "affected",
"version": "\u003e= 5.3.0, \u003c 5.3.3"
},
{
"status": "affected",
"version": "\u003e= 5.2.0, \u003c 5.2.6"
},
{
"status": "affected",
"version": "\u003e= 5.1.0, \u003c 5.1.5"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.9"
},
{
"status": "affected",
"version": "\u003e= 4.9.0, \u003c 4.9.14"
},
{
"status": "affected",
"version": "\u003e= 4.8.0, \u003c 4.8.13"
},
{
"status": "affected",
"version": "\u003e= 4.7.0, \u003c 4.7.17"
},
{
"status": "affected",
"version": "\u003e= 4.6.0, \u003c 4.6.18"
},
{
"status": "affected",
"version": "\u003e= 4.5.0, \u003c 4.5.21"
},
{
"status": "affected",
"version": "\u003e= 4.4.0, \u003c 4.4.22"
},
{
"status": "affected",
"version": "\u003e= 4.3.0, \u003c 4.3.23"
},
{
"status": "affected",
"version": "\u003e= 4.2.0, \u003c 4.2.27"
},
{
"status": "affected",
"version": "\u003e= 4.1.0, \u003c 4.1.30"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.30"
},
{
"status": "affected",
"version": "\u003e= 3.9.0, \u003c 3.9.31"
},
{
"status": "affected",
"version": "\u003e= 3.8.0, \u003c 3.8.33"
},
{
"status": "affected",
"version": "\u003e= 3.7.0, \u003c 3.7.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "CWE-707: Improper Neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-11T15:06:03",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2"
},
{
"name": "DSA-4677",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4677"
},
{
"name": "[debian-lts-announce] 20200511 [SECURITY] [DLA 2208-1] wordpress security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html"
}
],
"source": {
"advisory": "GHSA-3gw2-4656-pfr2",
"discovery": "UNKNOWN"
},
"title": "Specially crafted filenames in WordPress leading to XSS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11026",
"STATE": "PUBLIC",
"TITLE": "Specially crafted filenames in WordPress leading to XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WordPress",
"version": {
"version_data": [
{
"version_value": "\u003e= 5.4.0, \u003c 5.4.1"
},
{
"version_value": "\u003e= 5.3.0, \u003c 5.3.3"
},
{
"version_value": "\u003e= 5.2.0, \u003c 5.2.6"
},
{
"version_value": "\u003e= 5.1.0, \u003c 5.1.5"
},
{
"version_value": "\u003e= 5.0.0, \u003c 5.0.9"
},
{
"version_value": "\u003e= 4.9.0, \u003c 4.9.14"
},
{
"version_value": "\u003e= 4.8.0, \u003c 4.8.13"
},
{
"version_value": "\u003e= 4.7.0, \u003c 4.7.17"
},
{
"version_value": "\u003e= 4.6.0, \u003c 4.6.18"
},
{
"version_value": "\u003e= 4.5.0, \u003c 4.5.21"
},
{
"version_value": "\u003e= 4.4.0, \u003c 4.4.22"
},
{
"version_value": "\u003e= 4.3.0, \u003c 4.3.23"
},
{
"version_value": "\u003e= 4.2.0, \u003c 4.2.27"
},
{
"version_value": "\u003e= 4.1.0, \u003c 4.1.30"
},
{
"version_value": "\u003e= 4.0.0, \u003c 4.0.30"
},
{
"version_value": "\u003e= 3.9.0, \u003c 3.9.31"
},
{
"version_value": "\u003e= 3.8.0, \u003c 3.8.33"
},
{
"version_value": "\u003e= 3.7.0, \u003c 3.7.33"
}
]
}
}
]
},
"vendor_name": "WordPress"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707: Improper Neutralization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates",
"refsource": "MISC",
"url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"
},
{
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2"
},
{
"name": "DSA-4677",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4677"
},
{
"name": "[debian-lts-announce] 20200511 [SECURITY] [DLA 2208-1] wordpress security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html"
}
]
},
"source": {
"advisory": "GHSA-3gw2-4656-pfr2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11026",
"datePublished": "2020-04-30T22:15:32",
"dateReserved": "2020-03-30T00:00:00",
"dateUpdated": "2024-08-04T11:21:14.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-11026\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-04-30T23:15:11.510\",\"lastModified\":\"2024-11-21T04:56:37.070\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).\"},{\"lang\":\"es\",\"value\":\"En las versiones afectadas de WordPress, los archivos con un nombre especialmente dise\u00f1ado cuando se cargan en la secci\u00f3n Multimedia pueden conllevar a una ejecuci\u00f3n de script al acceder al archivo. Esto requiere un usuario autenticado con privilegios para cargar archivos. Esto ha sido corregido en la versi\u00f3n 5.4.1, junto con todas las versiones afectadas anteriormente por medio de una versi\u00f3n menor (versiones 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-707\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.7\",\"versionEndExcluding\":\"3.7.33\",\"matchCriteriaId\":\"AFDCD9BA-05B3-4EE5-ABE7-A6DF77F1DEB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.8\",\"versionEndExcluding\":\"3.8.33\",\"matchCriteriaId\":\"8BE6D23B-B8DA-4013-812D-329D765729B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.9\",\"versionEndExcluding\":\"3.9.31\",\"matchCriteriaId\":\"B249947E-34C8-4319-A756-3095210C86BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"4.0.30\",\"matchCriteriaId\":\"222FACD8-E13D-43F0-9EB8-D3837534BE61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1\",\"versionEndExcluding\":\"4.1.30\",\"matchCriteriaId\":\"4F37A9AE-0368-46E5-9163-0E77860D967E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2\",\"versionEndExcluding\":\"4.2.27\",\"matchCriteriaId\":\"FC97B598-CD50-4501-8368-97160D885596\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3\",\"versionEndExcluding\":\"4.3.23\",\"matchCriteriaId\":\"E071B431-86C3-4DD0-B7D6-7581E53E4398\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4\",\"versionEndExcluding\":\"4.4.22\",\"matchCriteriaId\":\"65D50EA1-08F5-4F17-B47D-2CABE77B7101\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5\",\"versionEndExcluding\":\"4.5.21\",\"matchCriteriaId\":\"EE8BFCAE-36A9-4017-B484-766AA82A517B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.6\",\"versionEndExcluding\":\"4.6.18\",\"matchCriteriaId\":\"0A44AAFC-3FB1-4FB9-BBE9-6FB8E553AC55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.7\",\"versionEndExcluding\":\"4.7.17\",\"matchCriteriaId\":\"1C2F3EB4-8D53-4E73-99CB-6D4DB18862CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.8\",\"versionEndExcluding\":\"4.8.13\",\"matchCriteriaId\":\"4A2168FB-94B6-4B89-A205-B8806668C56C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.9\",\"versionEndExcluding\":\"4.9.14\",\"matchCriteriaId\":\"D6B09641-582C-4BC9-B0A8-976CC4CB2F9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndExcluding\":\"5.0.9\",\"matchCriteriaId\":\"29C2D12B-4F1B-4473-A23B-C923FA1EF442\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.1\",\"versionEndExcluding\":\"5.1.5\",\"matchCriteriaId\":\"4E6ACD77-B8AA-40ED-8F43-F7AE245556FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2\",\"versionEndExcluding\":\"5.2.6\",\"matchCriteriaId\":\"0AA6DEC1-5040-4D00-9A01-F2C0A2D071D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3\",\"versionEndExcluding\":\"5.3.3\",\"matchCriteriaId\":\"E1FA1821-19B3-482D-BCA1-3F2E22A7B603\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46EA68C0-B847-447C-BB19-1C440F0A761D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4677\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4677\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…