Lucene search

K

Veracode Vulnerability DatabaseVERACODE:25678

HistoryJun 15, 2020 - 3:53 a.m.

Remote Code Execution (RCE)

2020-06-1503:53:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

EPSS

0.001

Percentile

43.4%

wordpress is vulnerable to remote code execution (RCE). The vulnerability exists as it allows users with upload permissions to upload files containing malicious scripts via the attachment, leading to an execution of malicious code when a user with higher privilege views the files.

References

github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f

github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27

lists.debian.org/debian-lts-announce/2020/07/msg00000.html

lists.debian.org/debian-lts-announce/2020/09/msg00011.html

lists.fedoraproject.org/archives/list/[email protected]/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357/

lists.fedoraproject.org/archives/list/[email protected]/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN/

wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/

www.debian.org/security/2020/dsa-4709

EPSS

0.001

Percentile

43.4%

Related for VERACODE:25678

redhatcve1 wpvulndb1 cvelist1 prion1 ubuntucve1 debiancve1 osv6 cve1 nvd1 nessus6 debian4 openvas7 fedora2