WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WordPress < 5.5.2 - Stored XSS in Post Slugs

Description

The release notes state:

"Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs."

Affects WordPress

5.5.1
Fixed in version 5.5.2
5.5
Fixed in version 5.5.2

References

CVE
CVE-2020-28038
URL
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
URL
https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Karim El Ouerghemmi from RIPS

Verified

No

WPVDB ID
990cf4ff-0084-4a5c-8fdb-db374ffcb5df

Timeline

Publicly Published

2020-10-29 (about 2 years ago)

Added

2020-10-29 (about 2 years ago)

Last Updated

2020-11-02 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin