WordPress CVE-2020-25286 Vulnerability (CVE-2020-25286)

Description

In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public.

Remediation

References

CVE-2020-25286

Related Vulnerabilities

WordPress Plugin Affiliates Manager Unspecified Vulnerability (2.7.7)

WordPress Plugin Product Catalog Multiple SQL Injection Vulnerabilities (2.1)

WordPress Plugin SB Uploader Arbitrary File Upload (3.2)

PHP Use of Uninitialized Resource Vulnerability (CVE-2015-8390)

WordPress Plugin Advanced Page Manager Cross-Site Scripting (1.4.1)

Severity

Medium

Classification

CVE-2020-25286 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N