Advisories

CVE-2020-4046

CVE ID – CVE-2020-4046

CVSS SCORE – 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

AFFECTED VENDORS – WordPress

AFFECTED PRODUCTS – Version 5.4 and earlier

VULNERABILITY DETAILS – an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor

ADVICE – Pentest recommend updating to version 5.4.2 to address the vulnerability

CREDIT – Sam Thomas

Get in touch with our team and find out how our tailored services can provide you with the information security confidence you need.

Pentest Limited is registered in England and Wales with company number 11925182

Registered address: 22 Great James Street, London, WC1N 3ES

VAT registration No: 331802826