CVE-2020-11026

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-11026
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11026.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-11026
Aliases
Downstream
Related
  • GHSA-3gw2-4656-pfr2
Published
2020-04-30T23:15:11.510Z
Modified
2026-02-03T07:09:20.619992Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

References

Affected packages

Git / github.com/wordpress/wordpress

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress
Events
Introduced
87bf150016e042bc3e21f2f1cb9de44042b8cdb1
Fixed
022ab492e2901ffd11024b7bfc0db743db2b507f
Introduced
6fe64752be3260f2a47f38e68c2cb77400e5a0c9
Fixed
023c7cba733f1237a3fd5b8c001ccc17e54a7d9f
Introduced
50dc0ca5bb332c895f0f39fe4e6ee1e4a43e06dc
Fixed
055731393c341ac801f3b3bced6bf33d46e40107
Introduced
54a3b49fa91b7beeb3da2f448154f9e75f005a9a
Fixed
1a119122d514818e7383b3521ad6aef4b9d90f30
Introduced
491c67be12ca8a9fe37ae38307ba7e298c976ec3
Fixed
400bd2c1e504ad2b90c40f834be6a409b5d1d28e
Introduced
29ffbff370968ae48a1b7a34e35c8b8e75cf0f91
Fixed
5c99450be128d698c75b81f77b1ac583ebcd308b
Introduced
3921fd373acaeeeee2029f762b676075cf375b33
Fixed
5f0bf1caedc7a0f6f355ec848a3727b410943430
Introduced
e5e791f331d371ad6262c1893d84f5f2b6c26464
Fixed
641b0fea4e35a51ffbcc7ceab5780f0fd2e372fe
Introduced
c33464a4554cff8a082bc353d9226d8104b80d2b
Fixed
6b364bc2314f22ed3c73932949b8e52ef9b21578
Introduced
f6a29831c76d2dbe82e9ae673539f910654c58a4
Fixed
72f2d37159b724913cfb1c248b8dd2b88ed33ff2
Introduced
842221094a5011886291b21fd7c705835d69e0bc
Fixed
7a45cb2c3af33300501e5c87def89b7607e173cb
Introduced
06fa4161aa74619239cf27017d124081c825684a
Fixed
9725451e67ed65e76fc43d3dbb5885753c3eb53e
Introduced
36470a480cac07d34a355e9f8a9409c1349b6e07
Fixed
a8e1a81a4a6e3bbd3f365d2097613760a6c65376
Introduced
b57f3aa5f00a127f209eff74b78787dd3fd5ed4d
Fixed
e13d8405b4f56838140ed73e52032c3c08a983d4
Introduced
e3aafee3f2bc07e09bf79389f20ea3db731466c3
Fixed
ebe83073ffd7954380a37831defa4661d030a7ec
Introduced
fe47e6139dbfc0f0c9ce0d79da77926b5fceaa77
Fixed
f4f41452e0a791ee79ec820070998914fb221586
Introduced
14247ee4302378d292863865c643abe99bbfe3c7
Fixed
f889561be6949a918595723b2c55a6581cd88749

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11026.json"

Git / github.com/wordpress/wordpress-develop

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress-develop
Events
Introduced
7b07c0ccc7453ce057e009ffa65f12a02ce7d2ee
Fixed
02755b5fa317b63302bedd9f818ae1a31f71a5d3
Introduced
1cf3888655c0eb8b0b0539834ad67db5920190d7
Fixed
0bb42f230f1ab7de872aaa859020dcec474045af
Introduced
a3a0dab49ed5b740b3f05e48b06b0b259641e2d0
Fixed
2f406081b39afca17f9d44a3462b69b5369e0d8f
Introduced
36e5687edb263228eb912d542ebad988e0672beb
Fixed
43d3c7a465712551fe39c547b2c64e8143a6b5af
Introduced
efa83f48bd4ebd066e5efc94b9feefe50e7925a2
Fixed
47084d70769deea5ec9eecdada63603bdce2beff
Introduced
ec8826ed50f8ce0eea39900eeeba09a9d621f00e
Fixed
644edf39234db0dcdc5a37d8d468f41dd33814b3
Introduced
b3bf6266acd61682bc654845f621b4426645e324
Fixed
6e409d4877d4c5a86faa0e304c6bee19040e268d
Introduced
470529c2bf211450e91f01ceadaa9fc97a2b4031
Fixed
77fe7053f6ea7f0e65ab393336f6b058ad195764
Introduced
d05f0a86b23e37b9d97acd9317ff3fd661d64dea
Fixed
84e07fd09a6b994f1723ac9317ea0700d44e7182
Introduced
2ac9b801ef5c18accf223b093529dacfcf809133
Fixed
8c69710282aa6293a2e22535cd2f2b7b253611bd
Introduced
7c76a1b79e21176b176b5b6d6b03151f8eea4b55
Fixed
9047813f0c746c4cd2f6b71849c6a5b8776fe16a
Introduced
7acf453090c10537e6f41fc4cf2608d7bbcce8ca
Fixed
adaa27bd9328efc98d91fc567e37c6fb52e2d3fb
Introduced
c1b5c599c9d8d83ba3a1dcfe31570d1b0f6b4c3e
Fixed
bc53fe718498b4af2897bd96652924f5977ab708
Introduced
31f7ece8503f0dc6ef1df2473ae3f3d352973e12
Fixed
c39196b87d90d8a29a3a968ac6f0df7e4308661e
Introduced
b5f6ca5af6e29fe5df7a65d512b177fa465cfa2e
Fixed
cd0e6c940a8016978b63bd41948034b81c14a134
Introduced
5aa596fee9bf6ea7f0ccc2ed51b16c0f2f04076b
Fixed
e4d8de2cb0d86b87d4c576868dafcbe06066b250
Introduced
f1d358137f7ed657db6afec1b1eca0b9f7814e25
Fixed
fb34ad55929affb93652c43258408f5567278747

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11026.json"