Privilege Escalation

2020-06-1502:54:25

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.001

Percentile

41.7%

JSON

wordpress is vulnerable to privilege escalation. The vulnerability exists as it allows arbitrary user meta fields to be saved through the set-screen-option filter’s return value.

References

github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920

github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc

lists.debian.org/debian-lts-announce/2020/07/msg00000.html

lists.debian.org/debian-lts-announce/2020/09/msg00011.html

lists.fedoraproject.org/archives/list/[email protected]/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357/

lists.fedoraproject.org/archives/list/[email protected]/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN/

wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/

www.debian.org/security/2020/dsa-4709

EPSS

0.001

Percentile

41.7%

JSON

Related for VERACODE:25675