WordPress Vulnerabilities

WordPress < 5.5.2 - XML-RPC Privilege Escalation

Description

The release notes state:

"Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC."

Affects WordPress

5.5.1

Fixed in version 5.5.2

5.5

Fixed in version 5.5.2

References

CVE

CVE-2020-28035

CVE

CVE-2020-28036

URL

https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/

URL

https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32

URL

https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-269

Miscellaneous

Original Researcher

Justin Tran

Verified

WPVDB ID

76a05ec0-08f3-459f-8379-3b4865a0813f

Timeline

Publicly Published

2020-10-29 (about 2 years ago)

Added

2020-10-29 (about 2 years ago)

Last Updated

2020-11-01 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin