WordPress Vulnerabilities

WordPress < 5.5.2 - Cross-Site Request Forgery (CSRF) to Change Theme Background

Description

Erwan, a security researcher from the WPScan team, discovered and responsibly disclosed a Cross-Site Request Forgery (CSRF) vulnerability that could allow an unauthenticated attacker to change the background image of the theme. For a successful attack, a privileged authenticated WordPress user would need to visit a page the attack controls, for the CSRF attack to be executed.

Affects WordPress

5.5.1
Fixed in WordPress 5.5.2
5.5
Fixed in WordPress 5.5.2

References

CVE
CVE-2020-28040
URL
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
URL
https://github.com/WordPress/wordpress-develop/commit/cbcc595974d5aaa025ca55625bf68ef286bd8b41
URL
https://blog.wpscan.com/wordpress-5-5-2-security-release/
URL
https://hackerone.com/reports/881855

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
ErwanLR from WPScan
Verified
Yes
WPVDB ID
ebd354db-ab63-4644-891c-4a200e9eef7e

Timeline

Publicly Published
2020-10-29 (about 3 years ago)
Added
2020-10-31 (about 3 years ago)
Last Updated
2021-10-22 (about 2 years ago)

Other

Published
Title
Published
2024-03-04
Title
CM Download and File Manager < 2.9.1 - Download Edit via CSRF
Published
2023-02-28
Title
QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF
Published
2022-09-14
Title
Rate my Post < 3.3.5 - Cross-Site Request Forgery
Published
2023-03-28
Title
IP Blocker Lite <= 11.1.1 - Cross-Site Request Forgery
Published
2023-03-16
Title
Import External Images <= 1.4 - CSRF