Max CVSS: 6.0 | Min CVSS: 3.5 | Total Count: 2
| ID | CVSS | Summary | Last (major) update | Published |
| --- | --- | --- | --- | --- |
| CVE-2020-4047 | 3.5 | In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privilege | 27-02-2023 - 18:20 | 12-06-2020 - 16:15 |
| CVE-2020-4048 | 4.9 | In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the | 27-02-2023 - 18:20 | 12-06-2020 - 16:15 |
| CVE-2020-4050 | 6.0 | In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged b | 27-02-2023 - 18:20 | 12-06-2020 - 16:15 |
| CVE-2020-4046 | 3.5 | In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this coul | 27-01-2023 - 18:57 | 12-06-2020 - 16:15 |
| CVE-2020-4049 | 3.5 | In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severit | 23-12-2020 - 18:51 | 12-06-2020 - 16:15 |
| CVE-2020-25286 | 5.0 | In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | 17-09-2020 - 20:18 | 13-09-2020 - 18:15 |