Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-11029: WordPress: Cross-site scripting in stats method (object cache)

In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

CVE
#xss#vulnerability#wordpress#php

Impact

A vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks.

Patches

This has been patched in WordPress 5.4.1, along with all the previously affected versions via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled.

For more information

If you have any questions or comments about this advisory:

  • Open an issue on HackerOne

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907