CVE-2020-4050

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-4050
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-4050.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-4050
Aliases
Related
Published
2020-06-12T16:15:10Z
Modified
2024-10-11T10:10:44Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

References

Affected packages

Debian:11 / wordpress

Package

Name
wordpress
Purl
pkg:deb/debian/wordpress?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.2+dfsg1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / wordpress

Package

Name
wordpress
Purl
pkg:deb/debian/wordpress?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.2+dfsg1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / wordpress

Package

Name
wordpress
Purl
pkg:deb/debian/wordpress?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.2+dfsg1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/wordpress/wordpress

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress
Events
Introduced
3921fd373acaeeeee2029f762b676075cf375b33
Fixed
6a7a8a0d2daab6a40cc84e431a726d730d2bde39
Type
GIT
Repo
https://github.com/wordpress/wordpress-develop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b8dea76b495f0072523106c6ec46b9ea0d2a0920