advisory_details

CVE-2020-4046

CVE ID – CVE-2020-4046

CVSS SCORE – 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

AFFECTED VENDORS – WordPress

AFFECTED PRODUCTS – Version 5.4 and earlier

VULNERABILITY DETAILS – an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor

ADVICE – Pentest recommend updating to version 5.4.2 to address the vulnerability

CREDIT – Sam Thomas