WordPress Vulnerabilities

WordPress < 5.5.2 - Hardening Deserialization Requests

Description

The release notes state:

"Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests."

This vulnerability affected the third-party "Requests for PHP" library used by WordPress.

Affects WordPress

5.5.1

Fixed in version 5.5.2

5.5

Fixed in version 5.5.2

References

CVE

CVE-2020-28032

URL

https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/

URL

https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3

URL

https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html

URL

https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54

Classification

Type

OBJECT INJECTION

OWASP top 10

A8: Insecure Deserialization

CWE

CWE-502

Miscellaneous

Original Researcher

Alex Concha of the WordPress Security Team

Verified

WPVDB ID

f2bd06cf-f4e9-4077-90b0-fba80c3d0969

Timeline

Publicly Published

2020-10-29 (about 2 years ago)

Added

2020-10-29 (about 2 years ago)

Last Updated

2021-04-29 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin