CVE-2020-11030

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11030

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11030.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11030

Aliases

Downstream

DEBIAN-CVE-2020-11030

UBUNTU-CVE-2020-11030

Related

GHSA-vccm-6gmc-qhjh

Published

2020-04-30T23:15:11.823Z

Modified

2025-11-30T05:05:11.340827Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

References

Affected packages

Git / github.com/wordpress/wordpress

Affected ranges

Type: GIT
Repo: https://github.com/wordpress/wordpress
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f834e179019627f6faa9d807fbe038c28aee253f

Git / github.com/wordpress/wordpress-develop

Affected ranges

Type: GIT
Repo: https://github.com/wordpress/wordpress-develop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a0d1613a046f8ce197103d3b872ea7b706dfa6fd