WordPress Vulnerabilities

WordPress < 5.5.2 - Disable Spam Embeds from Disabled Sites on a Multisite Network

Description

The release notes state:

"Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network."

Affects WordPress

5.5.1
Fixed in WordPress 5.5.2
5.5
Fixed in WordPress 5.5.2

References

CVE
CVE-2020-28033
URL
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
URL
https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html

Miscellaneous

Original Researcher
David Binovec
Verified
No
WPVDB ID
a1941f4f-6adb-41e9-b47f-6eddd6f6a04a

Timeline

Publicly Published
2020-10-29 (about 3 years ago)
Added
2020-10-29 (about 3 years ago)
Last Updated
2020-11-02 (about 3 years ago)

Other

Published
Title
Published
2019-03-21
Title
Social Warfare <= 3.5.2 - Unauthenticated Arbitrary Settings Update
Published
2014-08-01
Title
WordPress 3.7.1 & 3.8.1 - Privilege Escalation
Published
2015-06-12
Title
Zip Attachments < 1.5 - Arbitrary File Download
Published
2018-12-08
Title
CSS & JavaScript Toolbox <= 8.4.1 - Database backup Disclosure
Published
2015-07-18
Title
WordPress Mobile Pack <= 2.1.2 - Information Disclosure