Description WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. Remediation References CVE-2020-28040 Related Vulnerabilities WordPress Plugin Easy PayPal Gift Certificate Multiple Vulnerabilities (1.2.3) WordPress Plugin WP-UserOnline Cross-Site Scripting (2.87.6) WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.27) PHP Other Vulnerability (CVE-2007-2511) WordPress Plugin Cf7Save Extension Cross-Site Scripting (1.0) Severity Medium Classification CVE-2020-28040 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities