CVE-2020-11029

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-11029
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11029.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-11029
Aliases
Downstream
Related
  • GHSA-568w-8m88-8g2c
Published
2020-04-30T23:15:11.747Z
Modified
2026-03-14T14:42:28.311885Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

References

Affected packages

Git / github.com/wordpress/wordpress

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress
Events
Introduced
3921fd373acaeeeee2029f762b676075cf375b33
Fixed
5f0bf1caedc7a0f6f355ec848a3727b410943430
Introduced
36470a480cac07d34a355e9f8a9409c1349b6e07
Fixed
a8e1a81a4a6e3bbd3f365d2097613760a6c65376
Introduced
54a3b49fa91b7beeb3da2f448154f9e75f005a9a
Fixed
1a119122d514818e7383b3521ad6aef4b9d90f30
Introduced
842221094a5011886291b21fd7c705835d69e0bc
Fixed
7a45cb2c3af33300501e5c87def89b7607e173cb
Introduced
e5e791f331d371ad6262c1893d84f5f2b6c26464
Fixed
641b0fea4e35a51ffbcc7ceab5780f0fd2e372fe
Introduced
87bf150016e042bc3e21f2f1cb9de44042b8cdb1
Fixed
022ab492e2901ffd11024b7bfc0db743db2b507f
Introduced
b57f3aa5f00a127f209eff74b78787dd3fd5ed4d
Fixed
e13d8405b4f56838140ed73e52032c3c08a983d4
Introduced
f6a29831c76d2dbe82e9ae673539f910654c58a4
Fixed
72f2d37159b724913cfb1c248b8dd2b88ed33ff2
Introduced
e3aafee3f2bc07e09bf79389f20ea3db731466c3
Fixed
ebe83073ffd7954380a37831defa4661d030a7ec
Introduced
fe47e6139dbfc0f0c9ce0d79da77926b5fceaa77
Fixed
f4f41452e0a791ee79ec820070998914fb221586
Introduced
14247ee4302378d292863865c643abe99bbfe3c7
Fixed
f889561be6949a918595723b2c55a6581cd88749
Introduced
06fa4161aa74619239cf27017d124081c825684a
Fixed
9725451e67ed65e76fc43d3dbb5885753c3eb53e
Introduced
29ffbff370968ae48a1b7a34e35c8b8e75cf0f91
Fixed
5c99450be128d698c75b81f77b1ac583ebcd308b
Introduced
491c67be12ca8a9fe37ae38307ba7e298c976ec3
Fixed
400bd2c1e504ad2b90c40f834be6a409b5d1d28e
Introduced
c33464a4554cff8a082bc353d9226d8104b80d2b
Fixed
6b364bc2314f22ed3c73932949b8e52ef9b21578
Introduced
6fe64752be3260f2a47f38e68c2cb77400e5a0c9
Fixed
023c7cba733f1237a3fd5b8c001ccc17e54a7d9f
Introduced
50dc0ca5bb332c895f0f39fe4e6ee1e4a43e06dc
Fixed
055731393c341ac801f3b3bced6bf33d46e40107
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9ff4499281663b0c772787fd4a60538288f842e9
Database specific 
{
    "versions": [
        {
            "introduced": "3.7"
        },
        {
            "fixed": "3.7.33"
        },
        {
            "introduced": "3.8"
        },
        {
            "fixed": "3.8.33"
        },
        {
            "introduced": "3.9"
        },
        {
            "fixed": "3.9.31"
        },
        {
            "introduced": "4.0"
        },
        {
            "fixed": "4.0.30"
        },
        {
            "introduced": "4.1"
        },
        {
            "fixed": "4.1.30"
        },
        {
            "introduced": "4.2"
        },
        {
            "fixed": "4.2.27"
        },
        {
            "introduced": "4.3"
        },
        {
            "fixed": "4.3.23"
        },
        {
            "introduced": "4.4"
        },
        {
            "fixed": "4.4.22"
        },
        {
            "introduced": "4.5"
        },
        {
            "fixed": "4.5.21"
        },
        {
            "introduced": "4.6"
        },
        {
            "fixed": "4.6.18"
        },
        {
            "introduced": "4.7"
        },
        {
            "fixed": "4.7.17"
        },
        {
            "introduced": "4.8"
        },
        {
            "fixed": "4.8.13"
        },
        {
            "introduced": "4.9"
        },
        {
            "fixed": "4.9.14"
        },
        {
            "introduced": "5.0"
        },
        {
            "fixed": "5.0.9"
        },
        {
            "introduced": "5.1"
        },
        {
            "fixed": "5.1.5"
        },
        {
            "introduced": "5.2"
        },
        {
            "fixed": "5.2.6"
        },
        {
            "introduced": "5.3"
        },
        {
            "fixed": "5.3.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.4"
        }
    ]
}

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11029.json"