Description WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. Remediation References CVE-2020-28035 Related Vulnerabilities Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0324) WordPress Plugin Zedity:The Easiest Way To Create Posts & Pages Unspecified Vulnerability (5.0.2) Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2949) WordPress Plugin WordPress Appointment Booking and Online Scheduling by Appointy Cross-Site Scripting (2.40) Envoy Proxy CVE-2023-27496 Vulnerability (CVE-2023-27496) Severity Critical Classification CVE-2020-28035 CWE-269 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities