Description WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. Remediation References CVE-2020-28035 Related Vulnerabilities GlassFish CVE-2010-2397 Vulnerability (CVE-2010-2397) Plone arbitrary code execution WordPress Plugin Coming Soon, Under Construction & Maintenance Mode By Dazzler Unspecified Vulnerability (1.6.8) WordPress Plugin Tags Cloud Manager Cross-Site Scripting (1.0.0) WordPress Plugin Integration for Contact Form 7 and Pipedrive Cross-Site Scripting (1.0.9) Severity Critical Classification CVE-2020-28035 CWE-269 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities