UBUNTU-CVE-2020-4047

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2020-4047
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-4047.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-4047
Upstream
Published
2020-06-12T16:15:00Z
Modified
2025-09-08T16:45:56Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N CVSS Calculator
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

References

Affected packages

Ubuntu:Pro:16.04:LTS / wordpress

Package

Name
wordpress
Purl
pkg:deb/ubuntu/wordpress@4.4.2+dfsg-1ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3+dfsg-1
4.3.1+dfsg-1
4.4+dfsg-1
4.4.1+dfsg-1
4.4.2+dfsg-1
4.4.2+dfsg-1ubuntu1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "4.4.2+dfsg-1ubuntu1",
            "binary_name": "wordpress"
        },
        {
            "binary_version": "4.4.2+dfsg-1ubuntu1",
            "binary_name": "wordpress-l10n"
        },
        {
            "binary_version": "4.4.2+dfsg-1ubuntu1",
            "binary_name": "wordpress-theme-twentyfifteen"
        },
        {
            "binary_version": "4.4.2+dfsg-1ubuntu1",
            "binary_name": "wordpress-theme-twentyfourteen"
        },
        {
            "binary_version": "4.4.2+dfsg-1ubuntu1",
            "binary_name": "wordpress-theme-twentysixteen"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / wordpress

Package

Name
wordpress
Purl
pkg:deb/ubuntu/wordpress@4.9.5+dfsg1-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.8.2+dfsg-2
4.8.3+dfsg-1
4.9.1+dfsg-1
4.9.2+dfsg-1
4.9.4+dfsg-1
4.9.5+dfsg1-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "4.9.5+dfsg1-1",
            "binary_name": "wordpress"
        },
        {
            "binary_version": "4.9.5+dfsg1-1",
            "binary_name": "wordpress-l10n"
        },
        {
            "binary_version": "4.9.5+dfsg1-1",
            "binary_name": "wordpress-theme-twentyfifteen"
        },
        {
            "binary_version": "4.9.5+dfsg1-1",
            "binary_name": "wordpress-theme-twentyseventeen"
        },
        {
            "binary_version": "4.9.5+dfsg1-1",
            "binary_name": "wordpress-theme-twentysixteen"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / wordpress

Package

Name
wordpress
Purl
pkg:deb/ubuntu/wordpress@5.3.2+dfsg1-1ubuntu1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.2.2+dfsg1-1
5.2.4+dfsg1-1
5.3.2+dfsg1-1
5.3.2+dfsg1-1ubuntu1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "5.3.2+dfsg1-1ubuntu1",
            "binary_name": "wordpress"
        },
        {
            "binary_version": "5.3.2+dfsg1-1ubuntu1",
            "binary_name": "wordpress-l10n"
        },
        {
            "binary_version": "5.3.2+dfsg1-1ubuntu1",
            "binary_name": "wordpress-theme-twentynineteen"
        },
        {
            "binary_version": "5.3.2+dfsg1-1ubuntu1",
            "binary_name": "wordpress-theme-twentyseventeen"
        },
        {
            "binary_version": "5.3.2+dfsg1-1ubuntu1",
            "binary_name": "wordpress-theme-twentysixteen"
        }
    ]
}

Ubuntu:22.04:LTS / wordpress

Package

Name
wordpress
Purl
pkg:deb/ubuntu/wordpress@5.8.3+dfsg1-1ubuntu1.1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.7.1+dfsg1-2ubuntu1
5.8.1+dfsg1-2ubuntu1
5.8.2+dfsg1-1ubuntu1
5.8.3+dfsg1-1ubuntu1
5.8.3+dfsg1-1ubuntu1.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "5.8.3+dfsg1-1ubuntu1.1",
            "binary_name": "wordpress"
        },
        {
            "binary_version": "5.8.3+dfsg1-1ubuntu1.1",
            "binary_name": "wordpress-l10n"
        },
        {
            "binary_version": "5.8.3+dfsg1-1ubuntu1.1",
            "binary_name": "wordpress-theme-twentynineteen"
        },
        {
            "binary_version": "5.8.3+dfsg1-1ubuntu1.1",
            "binary_name": "wordpress-theme-twentytwenty"
        },
        {
            "binary_version": "5.8.3+dfsg1-1ubuntu1.1",
            "binary_name": "wordpress-theme-twentytwentyone"
        }
    ]
}