Description WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. Remediation References CVE-2020-28040 Related Vulnerabilities e107 Other Vulnerability (CVE-2004-2042) WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.2) WordPress Plugin WP Image Zoom Local File Inclusion (1.46) PHP Other Vulnerability (CVE-2007-1401) Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000399) Severity Medium Classification CVE-2020-28040 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities