Vulnerability Description
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Wordpress | < 5.4.1 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmThird Party Advisory
- https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updatesRelease NotesVendor Advisory
- https://www.debian.org/security/2020/dsa-4677Third Party Advisory
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmThird Party Advisory
- https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updatesRelease NotesVendor Advisory
- https://www.debian.org/security/2020/dsa-4677Third Party Advisory
FAQ
What is CVE-2020-11030?
CVE-2020-11030 is a vulnerability with a CVSS score of 6.4 (MEDIUM). In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ...
How severe is CVE-2020-11030?
CVE-2020-11030 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11030?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress, Debian Debian Linux.