WordPress Vulnerabilities

WordPress < 5.5.2 - Protected Meta That Could Lead to Arbitrary File Deletion

Description

The release notes state:

"Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion."

Affects WordPress

5.5.1

Fixed in version 5.5.2

5.5

Fixed in version 5.5.2

References

CVE

CVE-2020-28039

URL

https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/

URL

https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad

URL

https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html

Classification

Type

FILE DELETION

OWASP top 10

A6: Security Misconfiguration

CWE

CWE-73

Miscellaneous

Original Researcher

Slavco

Verified

WPVDB ID

30662254-5a8d-40d0-8a31-eb58b51b3c33

Timeline

Publicly Published

2020-10-29 (about 2 years ago)

Added

2020-10-29 (about 2 years ago)

Last Updated

2020-11-02 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin