BIT-wordpress-2020-4046

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/wordpress/BIT-wordpress-2020-4046.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-wordpress-2020-4046
Aliases
Published
2024-03-06T11:11:13.048Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

Database specific 
{
    "cpes": [
        "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / wordpress

Package

Name
wordpress
Purl
pkg:bitnami/wordpress

Severity

  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
3.7.0
Fixed
3.7.34
Introduced
3.8.0
Fixed
3.8.34
Introduced
3.9.0
Fixed
3.9.32
Introduced
4.0.0
Fixed
4.0.31
Introduced
4.1.0
Fixed
4.1.31
Introduced
4.2.0
Fixed
4.2.28
Introduced
4.3.0
Fixed
4.3.24
Introduced
4.4.0
Fixed
4.4.23
Introduced
4.5.0
Fixed
4.5.22
Introduced
4.6.0
Fixed
4.6.19
Introduced
4.7.0
Fixed
4.7.18
Introduced
4.8.0
Fixed
4.8.14
Introduced
4.9.0
Fixed
4.9.15
Introduced
5.0.0
Fixed
5.0.10
Introduced
5.1.0
Fixed
5.1.6
Introduced
5.2.0
Fixed
5.2.7
Introduced
5.3.0
Fixed
5.3.4
Introduced
5.4.0
Fixed
5.4.2