Description

WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.

Remediation

References

CVE-2020-28035

Related Vulnerabilities

WordPress Plugin Venture Event Manager Cross-Site Scripting (3.2.4)

Drupal Core 4.7.x Security Bypass (4.7.0 - 4.7.7)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7859)

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking Cross-Site Scripting (1.6.8)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3319)

Severity

Critical

Classification

CVE-2020-28035 CWE-269 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities