CVE-2020-4047

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-4047
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-4047.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-4047
Aliases
Downstream
Related
  • GHSA-8q2w-5m27-wm27
Published
2020-06-12T16:15:10.543Z
Modified
2026-02-16T05:17:50.473194Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

References

Affected packages

Git / github.com/wordpress/wordpress

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
32d1a07d28428b3bf3c82b646c689a6376bf0d97
Introduced
06fa4161aa74619239cf27017d124081c825684a
Fixed
10cc339ba838338b763afd4076397088a51d0249
Introduced
14247ee4302378d292863865c643abe99bbfe3c7
Fixed
a2209a9fc18f6e1da8a2cd74257f9af75357783d
Introduced
29ffbff370968ae48a1b7a34e35c8b8e75cf0f91
Fixed
4e31f50cf81a8660bb16b78d6da2072844617b92
Introduced
36470a480cac07d34a355e9f8a9409c1349b6e07
Fixed
b29e8559570e2ee5901242ea6ee5270cfc12eaf9
Introduced
3921fd373acaeeeee2029f762b676075cf375b33
Fixed
6a7a8a0d2daab6a40cc84e431a726d730d2bde39
Introduced
491c67be12ca8a9fe37ae38307ba7e298c976ec3
Fixed
1e0bab9050df62437db599a0811018288fc574c8
Introduced
54a3b49fa91b7beeb3da2f448154f9e75f005a9a
Fixed
39aaf4a53b2c58e0c15133c07eed926011bb8830
Introduced
6fe64752be3260f2a47f38e68c2cb77400e5a0c9
Fixed
eed2a4d4ba8624199bccbcba795d63cc9a308658
Introduced
842221094a5011886291b21fd7c705835d69e0bc
Fixed
737cceb8d2ce546c2470be162c7f09a559a5aa69
Introduced
87bf150016e042bc3e21f2f1cb9de44042b8cdb1
Fixed
909db56833d2cdaa84008c08c70ccbf8d443f15e
Introduced
9ff4499281663b0c772787fd4a60538288f842e9
Fixed
9da0a44b3e70117089257777cc38a3305a6c6c77
Introduced
b57f3aa5f00a127f209eff74b78787dd3fd5ed4d
Fixed
1681d8156e716aad9811d4a6a7b1a371913575c4
Introduced
c33464a4554cff8a082bc353d9226d8104b80d2b
Fixed
fd98e9df6fa7f939665764a92c9c5b882f81e0ad
Introduced
e3aafee3f2bc07e09bf79389f20ea3db731466c3
Fixed
2aec937d151925d6b6f8930557025ea70dd585c2
Introduced
e5e791f331d371ad6262c1893d84f5f2b6c26464
Fixed
ff8c9a02f58af3ef7b599d22a769ed50af9975f5
Introduced
f6a29831c76d2dbe82e9ae673539f910654c58a4
Fixed
049c6e0636b6712d1bfe6fb736956897e0518420
Introduced
fe47e6139dbfc0f0c9ce0d79da77926b5fceaa77
Fixed
7a8356c9b0707fbcbcacb09727dbd608557599dd

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-4047.json"

Git / github.com/wordpress/wordpress-develop

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress-develop
Events
Introduced
1cf3888655c0eb8b0b0539834ad67db5920190d7
Fixed
c57e6ee4a77fb3113b88b7f13e443750e8715a9d
Introduced
2ac9b801ef5c18accf223b093529dacfcf809133
Fixed
7888e7c5317f6bf72b096d81b53268bca762b604
Introduced
31f7ece8503f0dc6ef1df2473ae3f3d352973e12
Fixed
7ce5e05e8f49c0c241b9c74b741f3dbe7b6dce8e
Introduced
36e5687edb263228eb912d542ebad988e0672beb
Fixed
7d2f1d08c2ba4dccecd40172b726b5470f337755
Introduced
470529c2bf211450e91f01ceadaa9fc97a2b4031
Fixed
d850384898170f2af7602021129d01b4442f42c0
Introduced
5aa596fee9bf6ea7f0ccc2ed51b16c0f2f04076b
Fixed
6e8baa358ac57a670e389123ddb6062f42ddc2e2
Introduced
7acf453090c10537e6f41fc4cf2608d7bbcce8ca
Fixed
a5d9b9abcd63bd445bb5131c229c34a619939ff4
Introduced
7b07c0ccc7453ce057e009ffa65f12a02ce7d2ee
Fixed
7a2874c8c4f698ce85d7a3206701d2acf5fa433c
Introduced
7c76a1b79e21176b176b5b6d6b03151f8eea4b55
Fixed
9b031271e8c9692ccc354dfbd967a8702b63a79a
Introduced
a3a0dab49ed5b740b3f05e48b06b0b259641e2d0
Fixed
6c59f0671b3c4ba6659fd7af896b9c61ef75a972
Introduced
b3bf6266acd61682bc654845f621b4426645e324
Fixed
2c0796a4ba0354514c95eb588e6b53e06aeab20e
Introduced
b5f6ca5af6e29fe5df7a65d512b177fa465cfa2e
Fixed
6367d87649ee986c4f02d455b83181d2776bf84d
Introduced
c1b5c599c9d8d83ba3a1dcfe31570d1b0f6b4c3e
Fixed
6910ad993aadcec814344c31cca9e803219f4286
Introduced
d05f0a86b23e37b9d97acd9317ff3fd661d64dea
Fixed
c051f4d7bb12c001d6210a33b2e31c6cf770ee8e
Introduced
e0bedd676512ace4c5586337c072037298315f79
Fixed
addf14cf983bc57e12f8acdb76c33f501ea74fcc
Introduced
ec8826ed50f8ce0eea39900eeeba09a9d621f00e
Fixed
9082f7a4ca5c5e4774b206d5553df4d072bdfedd
Introduced
efa83f48bd4ebd066e5efc94b9feefe50e7925a2
Fixed
85dc7fa04bd5a3d6055238fc99ac9cd4b97a357d
Introduced
f1d358137f7ed657db6afec1b1eca0b9f7814e25
Fixed
c07e9f03710f86e788bb0a49a7c3292e2d79a84b

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-4047.json"