Description

is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.

Remediation

References

CVE-2020-28039

Related Vulnerabilities

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.0.225)

WordPress Plugin Catch Scroll Progress Bar Security Bypass (1.5)

WordPress Plugin Web Application Firewall-website security Privilege Escalation (2.1.1)

Oracle HTTP Server CVE-2014-0098 Vulnerability (CVE-2014-0098)

WordPress Plugin Loginizer SQL Injection (1.6.3)

Severity

Critical

Classification

CVE-2020-28039 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Tags

Missing Update Known Vulnerabilities