CVE-2020-4050
3.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Summary
In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WordPress | wordpress-develop | >= 5.4.0, < 5.4.2 | affected |
| WordPress | wordpress-develop | >= 5.3.0, < 5.3.4 | affected |
| WordPress | wordpress-develop | >= 5.2.0, < 5.2.7 | affected |
| WordPress | wordpress-develop | >= 5.1.0, < 5.1.6 | affected |
| WordPress | wordpress-develop | >= 5.0.0, < 5.0.10 | affected |
| WordPress | wordpress-develop | >= 4.9.0, < 4.9.15 | affected |
| WordPress | wordpress-develop | >= 4.8.0, < 4.8.14 | affected |
| WordPress | wordpress-develop | >= 4.7.0, < 4.7.18 | affected |
| WordPress | wordpress-develop | >= 4.6.0, < 4.6.19 | affected |
| WordPress | wordpress-develop | >= 4.5.0, < 4.5.22 | affected |
| WordPress | wordpress-develop | >= 4.4.0, < 4.4.23 | affected |
| WordPress | wordpress-develop | >= 4.3.0, < 4.3.24 | affected |
| WordPress | wordpress-develop | >= 4.2.0, < 4.2.28 | affected |
| WordPress | wordpress-develop | >= 4.1.0, < 4.1.31 | affected |
| WordPress | wordpress-develop | >= 4.0.0, < 4.0.31 | affected |
| WordPress | wordpress-develop | >= 3.9.0, < 3.9.32 | affected |
| WordPress | wordpress-develop | >= 3.8.0, < 3.8.34 | affected |
| WordPress | wordpress-develop | >= 3.7.0, < 3.7.34 | affected |
Weaknesses
- CWE-288: CWE-288: Authentication Bypass Using an Alternate Path or Channel
ADP Enrichment
CVE Program Container
Additional References
- https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
- https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357/
- https://www.debian.org/security/2020/dsa-4709
- https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html
References
- https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
- https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357/
- https://www.debian.org/security/2020/dsa-4709
- https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.