WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WordPress < 5.4.2 - Disclosure of Password-Protected Page/Post Comments

Description

Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

Affects WordPress

5.4.1
Fixed in version 5.4.2
5.4
Fixed in version 5.4.2
5.3.3
Fixed in version 5.3.4
5.3.2
Fixed in version 5.3.4
5.3.1
Fixed in version 5.3.4
5.3
Fixed in version 5.3.4
5.2.6
Fixed in version 5.2.7
5.2.5
Fixed in version 5.2.7
5.2.4
Fixed in version 5.2.7
5.2.3
Fixed in version 5.2.7

References

CVE
CVE-2020-25286
URL
https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
URL
https://github.com/WordPress/WordPress/commit/c075eec24f2f3214ab0d0fb0120a23082e6b1122

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200

Miscellaneous

Original Researcher

Carolina Nymark

Verified

No

WPVDB ID
eea6dbf5-e298-44a7-9b0d-f078ad4741f9

Timeline

Publicly Published

2020-06-11 (about 2 years ago)

Added

2020-06-11 (about 2 years ago)

Last Updated

2020-09-15 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin