Description

WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.

Remediation

References

CVE-2020-28040

Related Vulnerabilities

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-22522)
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-2050)
WordPress Plugin Great Quotes Cross-Site Scripting (1.0.0)
WordPress Plugin WordPress Social Ring (Facebook Like, Google +1, ReTweet, LinkedIn and Pin It) Cross-Site Scripting (1.1.9)
WordPress Plugin Catchers Helpdesk and Ticket system for Support Cross-Site Scripting (1.0.3)

Severity

Medium

Classification

CVE-2020-28040
CWE-352
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update
Known Vulnerabilities