BIT-wordpress-multisite-2020-11027

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/wordpress-multisite/BIT-wordpress-multisite-2020-11027.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-wordpress-multisite-2020-11027

Aliases

Published

2024-03-06T11:12:02.874Z

Modified

2024-11-27T19:40:48.342Z

Summary

[none]

Details

In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

Database specific

{
    "cpes": [
        "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:wordpress:wordpress:5.4:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / wordpress-multisite

Package

Name: wordpress-multisite
Purl: pkg:bitnami/wordpress-multisite

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

3.7.0

Fixed

3.7.33

Introduced

3.8.0

Fixed

3.8.33

Introduced

3.9.0

Fixed

3.9.31

Introduced

4.0.0

Fixed

4.0.30

Introduced

4.1.0

Fixed

4.1.30

Introduced

4.2.0

Fixed

4.2.27

Introduced

4.3.0

Fixed

4.3.23

Introduced

4.4.0

Fixed

4.4.22

Introduced

4.5.0

Fixed

4.5.21

Introduced

4.6.0

Fixed

4.6.18

Introduced

4.7.0

Fixed

4.7.17

Introduced

4.8.0

Fixed

4.8.13

Introduced

4.9.0

Fixed

4.9.14

Introduced

5.0.0

Fixed

5.0.9

Introduced

5.1.0

Fixed

5.1.5

Introduced

5.2.0

Fixed

5.2.6

Introduced

5.3.0

Fixed

5.3.3

Type: SEMVER
Events: Introduced

5.4.0

Last affected

5.4.0