CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
73.8%
WordPress 5.4.2 Security and Maintenance Release
This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.
These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade.
Security Updates
WordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.
Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2020-8447a3e195.
#
include('compat.inc');
if (description)
{
script_id(137734);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/06");
script_cve_id(
"CVE-2020-4046",
"CVE-2020-4047",
"CVE-2020-4048",
"CVE-2020-4049",
"CVE-2020-4050"
);
script_xref(name:"FEDORA", value:"2020-8447a3e195");
script_xref(name:"IAVA", value:"2020-A-0266-S");
script_name(english:"Fedora 32 : wordpress (2020-8447a3e195)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"**WordPress 5.4.2 Security and Maintenance Release**
This security and maintenance release features 23 fixes and
enhancements. Plus, it adds a number of security fixes—see the
list below.
These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2
fixes them, so you’ll want to upgrade.
**Security Updates**
WordPress versions 5.4 and earlier are affected by the following bugs,
which are fixed in version 5.4.2. If you haven’t yet updated to
5.4, there are also updated versions of 5.3 and earlier that fix the
security issues.
- Props to Sam Thomas (jazzy2fives) for finding an XSS
issue where authenticated users with low privileges are
able to add JavaScript to posts in the block editor.
- Props to Luigi – (gubello.me) for discovering an
XSS issue where authenticated users with upload
permissions are able to add JavaScript to media files.
- Props to Ben Bidner of the WordPress Security Team for
finding an open redirect issue in
wp_validate_redirect().
- Props to Nrimo Ing Pandum for finding an authenticated
XSS issue via theme uploads.
- Props to Simon Scannell of RIPS Technologies for finding
an issue where set-screen-option can be misused by
plugins leading to privilege escalation.
- Props to Carolina Nymark for discovering an issue where
comments from password-protected posts and pages could
be displayed under certain conditions.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-8447a3e195");
script_set_attribute(attribute:"solution", value:
"Update the affected wordpress package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-4050");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-4047");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/12");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wordpress");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:32");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^32([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 32", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC32", reference:"wordpress-5.4.2-1.fc32")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wordpress");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4050
bodhi.fedoraproject.org/updates/FEDORA-2020-8447a3e195
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
73.8%