Description WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. Remediation References CVE-2020-28035 Related Vulnerabilities Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9015) WordPress Plugin Web Invoice-Invoicing and billing for WordPress Multiple SQL Injection Vulnerabilities (2.1.3) WebLogic Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2018-11040) WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Security Bypass (1.3.83) MediaWiki remote code execution Severity Critical Classification CVE-2020-28035 CWE-269 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities