返回 CVE 瀏覽器

CVE-2020-28035

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1500%

EPSS Percentile22.94th

Published2020年11月2日

Last Modified2024年11月21日

Vulnerability Description

WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.

Affected Platforms (CPE)

📦

Wordpress

Wordpress

< 5.5.2

💻

Fedoraproject

Fedora

= 31

💻

Fedoraproject

Fedora

= 32

💻

Fedoraproject

Fedora

= 33

💻

Debian

Debian Linux

= 10.0

References & Advisories

🔗 https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/

🔗 https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/

🔗 https://www.debian.org/security/2020/dsa-4784

🔗 https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/

相關漏洞威脅

CVE-2020-2521310.0

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP cod...

CVE-2020-2418610.0

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthe...

CVE-2019-1693210.0

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.

CVE-2020-3548910.0

The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code executio...