|
In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
Publish Date : 2020-06-12 Last Update Date : 2020-09-11
-
CVSS Scores & Vulnerability Types
| CVSS Score |
6.0 |
| Confidentiality Impact |
Partial
(There is considerable informational disclosure.) |
| Integrity Impact |
Partial
(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.) |
| Availability Impact |
Partial
(There is reduced performance or interruptions in resource availability.) |
| Access Complexity |
Medium
(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit) |
| Authentication |
??? |
| Gained Access |
None |
| Vulnerability Type(s) |
|
| CWE ID |
288 |
|
|
-
Products Affected By CVE-2020-4050
-
Number Of Affected Versions By Product
-
References For CVE-2020-4050
|
|
