WordPress Vulnerabilities

WordPress < 5.5.2 - Unauthenticated DoS Attack to RCE

Description

The release notes state:

"Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE."

The attack consisted of creating a DoS condition on the MySQL database, which would make WordPress think that it has not been installed, presenting the installation wizard. The DoS attack would then need to be stopped. According the original researcher, the attack would be very hard to reproduce.

Affects WordPress

5.5.1
Fixed in WordPress 5.5.2
5.5
Fixed in WordPress 5.5.2

References

CVE
CVE-2020-28037
URL
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
URL
https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c
URL
https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html
URL
https://threatpost.com/wordpress-patches-rce-bug/160812/

Miscellaneous

Original Researcher
Omar Ganiev
Verified
No
WPVDB ID
016774df-5031-4315-a893-a47d99273883

Timeline

Publicly Published
2020-10-29 (about 3 years ago)
Added
2020-10-29 (about 3 years ago)
Last Updated
2020-11-03 (about 3 years ago)

Other

Published
Title
Published
2022-05-24
Title
Rating by BestWebSoft < 1.6 - Rating Denial of Service
Published
2024-02-08
Title
Backuply - Backup, Restore, Migrate and Clone < 1.2.6 - Unauthenticated Denial of Service
Published
2014-08-01
Title
WordPress 3.1 - PCRE Library Remote DoS
Published
2018-02-05
Title
WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
Published
2022-07-11
Title
GiveWP < 2.21.3 - DoS via CSRF