Description WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. Remediation References CVE-2020-28040 Related Vulnerabilities WordPress Plugin weForms-Easy Drag & Drop Contact Form Builder For WordPress Unspecified Vulnerability (1.5.3) WordPress Plugin Popups, Welcome Bar, Optins and Lead Generation-Icegram Cross-Site Request Forgery (1.9.18) WordPress Plugin WP Reroute Email SQL Injection (1.4.6) Oracle Database Server CVE-2019-2955 Vulnerability (CVE-2019-2955) MySQL Deserialization of Untrusted Data Vulnerability (CVE-2019-14540) Severity Medium Classification CVE-2020-28040 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities