Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-4047: Editor: Prevent HTML decoding on by setting the proper editor context. · WordPress/wordpress-develop@0977c0d

In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

CVE
#vulnerability#git#java#wordpress#php#auth

Skip to content

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog
    • For

    • Enterprise

    • Teams

    • Startups

    • Education

    • By Solution

    • CI/CD & Automation

    • DevOps

    • DevSecOps

    • Case Studies

    • Customer Stories

    • Resources

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections
  • Pricing

  • Notifications

  • Fork 1.7k

  • Code

  • Pull requests 866

  • Actions

  • Security

  • Insights

Permalink

Browse files

Editor: Prevent HTML decoding on by setting the proper editor context.

  • Loading branch information

Showing 1 changed file with 1 addition and 1 deletion.

@@ -3231,7 +3231,7 @@ function edit_form_image_editor( $post ) {

?>

</label>

<?php wp_editor( $post->post_content, 'attachment_content’, $editor_args ); ?>

<?php wp_editor( format_to_edit( $post->post_content ), 'attachment_content’, $editor_args ); ?>

</div>

<?php

0 comments on commit 0977c0d

Please sign in to comment.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907