Description

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.

Remediation

References

CVE-2020-28036

Related Vulnerabilities

Drupal Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2017-6381)

Elgg Exposure of Private Personal Information to an Unauthorized Actor Vulnerability (CVE-2021-3980)

Internet Information Services Other Vulnerability (CVE-1999-0450)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5323)

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.1.22)

Severity

Critical

Classification

CVE-2020-28036 CWE-269 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities