Description

In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public.

Remediation

References

CVE-2020-25286

Related Vulnerabilities

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17307)

WordPress Plugin Dynamic Content for Elementor Remote Code Execution (1.9.5.6)

WordPress Plugin EventON Cross-Site Scripting (3.0.5)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1524)

PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-11045)

Severity

Medium

Classification

CVE-2020-25286 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities