Description

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Remediation

References

CVE-2020-25628

Related Vulnerabilities

WordPress Plugin Crayon Syntax Highlighter Security Bypass (2.6.10)

WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3)

XWiki Improper Handling of Exceptional Conditions Vulnerability (CVE-2023-26479)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1130)

WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (1.38.3.2)

Severity

Medium

Classification

CVE-2020-25628 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities