BIT-wordpress-multisite-2020-11029

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/wordpress-multisite/BIT-wordpress-multisite-2020-11029.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-wordpress-multisite-2020-11029

Aliases

Published

2024-03-06T11:11:54.862Z

Modified

2024-11-27T19:40:48.342Z

Summary

[none]

Details

In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

Database specific

{
    "cpes": [
        "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:wordpress:wordpress:5.4:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / wordpress-multisite

Package

Name: wordpress-multisite
Purl: pkg:bitnami/wordpress-multisite

Severity

5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

3.7.0

Fixed

3.7.33

Introduced

3.8.0

Fixed

3.8.33

Introduced

3.9.0

Fixed

3.9.31

Introduced

4.0.0

Fixed

4.0.30

Introduced

4.1.0

Fixed

4.1.30

Introduced

4.2.0

Fixed

4.2.27

Introduced

4.3.0

Fixed

4.3.23

Introduced

4.4.0

Fixed

4.4.22

Introduced

4.5.0

Fixed

4.5.21

Introduced

4.6.0

Fixed

4.6.18

Introduced

4.7.0

Fixed

4.7.17

Introduced

4.8.0

Fixed

4.8.13

Introduced

4.9.0

Fixed

4.9.14

Introduced

5.0.0

Fixed

5.0.9

Introduced

5.1.0

Fixed

5.1.5

Introduced

5.2.0

Fixed

5.2.6

Introduced

5.3.0

Fixed

5.3.3

Type: SEMVER
Events: Introduced

5.4.0

Last affected

5.4.0