CVE-2020-28034

Description

WordPress before 5.5.2 allows XSS associated with global variables.

How to fix CVE-2020-28034

To remediate CVE-2020-28034, upgrade the affected package to a fixed version below.

• Bitnami/wordpress—upgrade to 5.5.2 or later
• Bitnami/wordpress-multisite—upgrade to 5.5.2 or later
• Debian/wordpress—upgrade to 5.5.3+dfsg1-1 or later

Is CVE-2020-28034 being exploited?

Low — EPSS is 2.7%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

• from 0, < 5.5.2
• from 0, < 5.5.2
• from 0, < 5.5.3+dfsg1-1

CVSS scores

References (8)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2020-28034
• WEBlists.debian.org/debian-lts-announce/2020/11/msg00004.html
• WEBlists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/
• WEB