WordPress < 5.4.2 – Authenticated XSS via Media Files | CVE 2020-4047

Affects WordPress

5.4.1

Fixed in WordPress 5.4.2

5.4

Fixed in WordPress 5.4.2

5.3.3

Fixed in WordPress 5.3.4

5.3.2

Fixed in WordPress 5.3.4

5.3.1

Fixed in WordPress 5.3.4

5.3

Fixed in WordPress 5.3.4

5.2.6

Fixed in WordPress 5.2.7

5.2.5

Fixed in WordPress 5.2.7

5.2.4

Fixed in WordPress 5.2.7

5.2.3

Fixed in WordPress 5.2.7

5.2.2

Fixed in WordPress 5.2.7

5.2.1

Fixed in WordPress 5.2.7

5.2

Fixed in WordPress 5.2.7

5.1.5

Fixed in WordPress 5.1.6

5.1.4

Fixed in WordPress 5.1.6

5.1.3

Fixed in WordPress 5.1.6

5.1.2

Fixed in WordPress 5.1.6

5.1.1

Fixed in WordPress 5.1.6

5.1

Fixed in WordPress 5.1.6

5.0.1

Fixed in WordPress 5.0.10

5.0

Fixed in WordPress 5.0.10

4.9.14

Fixed in WordPress 4.9.15

4.9.13

Fixed in WordPress 4.9.15

4.9.12

Fixed in WordPress 4.9.15

4.9.11

Fixed in WordPress 4.9.15

4.9.10

Fixed in WordPress 4.9.15

4.9.1

Fixed in WordPress 4.9.15

4.9

Fixed in WordPress 4.9.15

4.8.13

Fixed in WordPress 4.8.14

4.8.12

Fixed in WordPress 4.8.14

4.8.11

Fixed in WordPress 4.8.14

4.8.10

Fixed in WordPress 4.8.14

4.8.1

Fixed in WordPress 4.8.14

4.8

Fixed in WordPress 4.8.14

4.7.17

Fixed in WordPress 4.7.18

4.7.16

Fixed in WordPress 4.7.18

4.7.15

Fixed in WordPress 4.7.18

4.7.14

Fixed in WordPress 4.7.18

4.7.13

Fixed in WordPress 4.7.18

4.7.12

Fixed in WordPress 4.7.18

4.7.11

Fixed in WordPress 4.7.18

4.7.10

Fixed in WordPress 4.7.18

4.7.1

Fixed in WordPress 4.7.18

4.7

Fixed in WordPress 4.7.18

4.6.18

Fixed in WordPress 4.6.19

4.6.17

Fixed in WordPress 4.6.19

4.6.16

Fixed in WordPress 4.6.19

4.6.15

Fixed in WordPress 4.6.19

4.6.14

Fixed in WordPress 4.6.19

4.6.13

Fixed in WordPress 4.6.19

4.6.12

Fixed in WordPress 4.6.19

4.6.11

Fixed in WordPress 4.6.19

4.6.10

Fixed in WordPress 4.6.19

4.6.1

Fixed in WordPress 4.6.19

4.6

Fixed in WordPress 4.6.19

4.5.21

Fixed in WordPress 4.5.22

4.5.20

Fixed in WordPress 4.5.22

4.5.2

Fixed in WordPress 4.5.22

4.5.19

Fixed in WordPress 4.5.22

4.5.18

Fixed in WordPress 4.5.22

4.5.17

Fixed in WordPress 4.5.22

4.5.16

Fixed in WordPress 4.5.22

4.5.15

Fixed in WordPress 4.5.22

4.5.14

Fixed in WordPress 4.5.22

4.5.13

Fixed in WordPress 4.5.22

4.5.12

Fixed in WordPress 4.5.22

4.5.11

Fixed in WordPress 4.5.22

4.5.10

Fixed in WordPress 4.5.22

4.5.1

Fixed in WordPress 4.5.22

4.5

Fixed in WordPress 4.5.22

4.4.22

Fixed in WordPress 4.4.23

4.4.21

Fixed in WordPress 4.4.23

4.4.20

Fixed in WordPress 4.4.23

4.4.2

Fixed in WordPress 4.4.23

4.4.19

Fixed in WordPress 4.4.23

4.4.18

Fixed in WordPress 4.4.23

4.4.17

Fixed in WordPress 4.4.23

4.4.16

Fixed in WordPress 4.4.23

4.4.15

Fixed in WordPress 4.4.23

4.4.14

Fixed in WordPress 4.4.23

4.4.13

Fixed in WordPress 4.4.23

4.4.12

Fixed in WordPress 4.4.23

4.4.11

Fixed in WordPress 4.4.23

4.4.10

Fixed in WordPress 4.4.23

4.4.1

Fixed in WordPress 4.4.23

4.4

Fixed in WordPress 4.4.23

4.3.23

Fixed in WordPress 4.3.24

4.3.22

Fixed in WordPress 4.3.24

4.3.21

Fixed in WordPress 4.3.24

4.3.20

Fixed in WordPress 4.3.24

4.3.2

Fixed in WordPress 4.3.24

4.3.19

Fixed in WordPress 4.3.24

4.3.18

Fixed in WordPress 4.3.24

4.3.17

Fixed in WordPress 4.3.24

4.3.16

Fixed in WordPress 4.3.24

4.3.15

Fixed in WordPress 4.3.24

4.3.14

Fixed in WordPress 4.3.24

4.3.13

Fixed in WordPress 4.3.24

4.3.12

Fixed in WordPress 4.3.24

4.3.11

Fixed in WordPress 4.3.24

4.3.10

Fixed in WordPress 4.3.24

4.3.1

Fixed in WordPress 4.3.24

4.3

Fixed in WordPress 4.3.24

4.2.27

Fixed in WordPress 4.2.28

4.2.26

Fixed in WordPress 4.2.28

4.2.25

Fixed in WordPress 4.2.28

4.2.24

Fixed in WordPress 4.2.28

4.2.23

Fixed in WordPress 4.2.28

4.2.22

Fixed in WordPress 4.2.28

4.2.21

Fixed in WordPress 4.2.28

4.2.20

Fixed in WordPress 4.2.28

4.2.2

Fixed in WordPress 4.2.28

4.2.19

Fixed in WordPress 4.2.28

4.2.18

Fixed in WordPress 4.2.28

4.2.17

Fixed in WordPress 4.2.28

4.2.16

Fixed in WordPress 4.2.28

4.2.15

Fixed in WordPress 4.2.28

4.2.14

Fixed in WordPress 4.2.28

4.2.13

Fixed in WordPress 4.2.28

4.2.12

Fixed in WordPress 4.2.28

4.2.11

Fixed in WordPress 4.2.28

4.2.10

Fixed in WordPress 4.2.28

4.2.1

Fixed in WordPress 4.2.28

4.2

Fixed in WordPress 4.2.28

4.1.30

Fixed in WordPress 4.1.31

4.1.3

Fixed in WordPress 4.1.31

4.1.29

Fixed in WordPress 4.1.31

4.1.28

Fixed in WordPress 4.1.31

4.1.27

Fixed in WordPress 4.1.31

4.1.26

Fixed in WordPress 4.1.31

4.1.25

Fixed in WordPress 4.1.31

4.1.24

Fixed in WordPress 4.1.31

4.1.23

Fixed in WordPress 4.1.31

4.1.22

Fixed in WordPress 4.1.31

4.1.21

Fixed in WordPress 4.1.31

4.1.20

Fixed in WordPress 4.1.31

4.1.2

Fixed in WordPress 4.1.31

4.1.19

Fixed in WordPress 4.1.31

4.1.18

Fixed in WordPress 4.1.31

4.1.17

Fixed in WordPress 4.1.31

4.1.16

Fixed in WordPress 4.1.31

4.1.15

Fixed in WordPress 4.1.31

4.1.14

Fixed in WordPress 4.1.31

4.1.13

Fixed in WordPress 4.1.31

4.1.12

Fixed in WordPress 4.1.31

4.1.11

Fixed in WordPress 4.1.31

4.1.10

Fixed in WordPress 4.1.31

4.1.1

Fixed in WordPress 4.1.31

4.1

Fixed in WordPress 4.1.31

4.0.30

Fixed in WordPress 4.0.31

4.0.3

Fixed in WordPress 4.0.31

4.0.29

Fixed in WordPress 4.0.31

4.0.28

Fixed in WordPress 4.0.31

4.0.27

Fixed in WordPress 4.0.31

4.0.26

Fixed in WordPress 4.0.31

4.0.25

Fixed in WordPress 4.0.31

4.0.24

Fixed in WordPress 4.0.31

4.0.23

Fixed in WordPress 4.0.31

4.0.22

Fixed in WordPress 4.0.31

4.0.21

Fixed in WordPress 4.0.31

4.0.20

Fixed in WordPress 4.0.31

4.0.2

Fixed in WordPress 4.0.31

4.0.19

Fixed in WordPress 4.0.31

4.0.18

Fixed in WordPress 4.0.31

4.0.17

Fixed in WordPress 4.0.31

4.0.16

Fixed in WordPress 4.0.31

4.0.15

Fixed in WordPress 4.0.31

4.0.14

Fixed in WordPress 4.0.31

4.0.13

Fixed in WordPress 4.0.31

4.0.12

Fixed in WordPress 4.0.31

4.0.11

Fixed in WordPress 4.0.31

4.0.10

Fixed in WordPress 4.0.31

4.0.1

Fixed in WordPress 4.0.31

4.0

Fixed in WordPress 4.0.31

3.9.31

Fixed in WordPress 3.9.32

3.9.30

Fixed in WordPress 3.9.32

3.9.3

Fixed in WordPress 3.9.32

3.9.29

Fixed in WordPress 3.9.32

3.9.28

Fixed in WordPress 3.9.32

3.9.27

Fixed in WordPress 3.9.32

3.9.26

Fixed in WordPress 3.9.32

3.9.25

Fixed in WordPress 3.9.32

3.9.24

Fixed in WordPress 3.9.32

3.9.23

Fixed in WordPress 3.9.32

3.9.22

Fixed in WordPress 3.9.32

3.9.21

Fixed in WordPress 3.9.32

3.9.20

Fixed in WordPress 3.9.32

3.9.2

Fixed in WordPress 3.9.32

3.9.19

Fixed in WordPress 3.9.32

3.9.18

Fixed in WordPress 3.9.32

3.9.17

Fixed in WordPress 3.9.32

3.9.16

Fixed in WordPress 3.9.32

3.9.15

Fixed in WordPress 3.9.32

3.9.14

Fixed in WordPress 3.9.32

3.9.13

Fixed in WordPress 3.9.32

3.9.12

Fixed in WordPress 3.9.32

3.9.11

Fixed in WordPress 3.9.32

3.9.10

Fixed in WordPress 3.9.32

3.9.1

Fixed in WordPress 3.9.32

3.9

Fixed in WordPress 3.9.32

3.8.33

Fixed in WordPress 3.8.34

3.8.32

Fixed in WordPress 3.8.34

3.8.31

Fixed in WordPress 3.8.34

3.8.30

Fixed in WordPress 3.8.34

3.8.3

Fixed in WordPress 3.8.34

3.8.29

Fixed in WordPress 3.8.34

3.8.28

Fixed in WordPress 3.8.34

3.8.27

Fixed in WordPress 3.8.34

3.8.26

Fixed in WordPress 3.8.34

3.8.25

Fixed in WordPress 3.8.34

3.8.24

Fixed in WordPress 3.8.34

3.8.23

Fixed in WordPress 3.8.34

3.8.22

Fixed in WordPress 3.8.34

3.8.21

Fixed in WordPress 3.8.34

3.8.20

Fixed in WordPress 3.8.34

3.8.2

Fixed in WordPress 3.8.34

3.8.19

Fixed in WordPress 3.8.34

3.8.18

Fixed in WordPress 3.8.34

3.8.17

Fixed in WordPress 3.8.34

3.8.16

Fixed in WordPress 3.8.34

3.8.15

Fixed in WordPress 3.8.34

3.8.14

Fixed in WordPress 3.8.34

3.8.13

Fixed in WordPress 3.8.34

3.8.12

Fixed in WordPress 3.8.34

3.8.11

Fixed in WordPress 3.8.34

3.8.10

Fixed in WordPress 3.8.34

3.8.1

Fixed in WordPress 3.8.34

3.8

Fixed in WordPress 3.8.34

3.7.33

Fixed in WordPress 3.7.34

3.7.32

Fixed in WordPress 3.7.34

3.7.31

Fixed in WordPress 3.7.34

3.7.30

Fixed in WordPress 3.7.34

3.7.3

Fixed in WordPress 3.7.34

3.7.29

Fixed in WordPress 3.7.34

3.7.28

Fixed in WordPress 3.7.34

3.7.27

Fixed in WordPress 3.7.34

3.7.26

Fixed in WordPress 3.7.34

3.7.25

Fixed in WordPress 3.7.34

3.7.24

Fixed in WordPress 3.7.34

3.7.23

Fixed in WordPress 3.7.34

3.7.22

Fixed in WordPress 3.7.34

3.7.21

Fixed in WordPress 3.7.34

3.7.20

Fixed in WordPress 3.7.34

3.7.2

Fixed in WordPress 3.7.34

3.7.19

Fixed in WordPress 3.7.34

3.7.18

Fixed in WordPress 3.7.34

3.7.17

Fixed in WordPress 3.7.34

3.7.16

Fixed in WordPress 3.7.34

3.7.15

Fixed in WordPress 3.7.34

3.7.14

Fixed in WordPress 3.7.34

3.7.13

Fixed in WordPress 3.7.34

3.7.12

Fixed in WordPress 3.7.34

3.7.11

Fixed in WordPress 3.7.34

3.7.10

Fixed in WordPress 3.7.34

3.7.1

Fixed in WordPress 3.7.34

3.7

Fixed in WordPress 3.7.34

References

CVE

CVE-2020-4047

URL

https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/

URL

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.3 (medium)

Miscellaneous

Original Researcher

Luigi (gubello.me)

Verified

WPVDB ID

741d07d1-2476-430a-b82f-e1228a9343a4

Timeline

Publicly Published

2020-06-11 (about 3 years ago)

Added

2020-06-11 (about 3 years ago)

Last Updated

2020-06-13 (about 3 years ago)

Other

Published

Title

Published

2023-10-12

Title

PDF Block <= 1.1.0 - Contributor+ Stored XSS

Published

2017-12-10

Title

SagePay Server Gateway for WooCommerce <= 1.0.8 - Unauthenticated Cross-Site Scripting (XSS)

Published

2016-04-13

Title

Pondol Form to Mail <= 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Published

2024-02-05

Title

Woocommerce Vietnam Checkout < 2.0.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting

Published

2021-12-01

Title

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in General Module