CVE-2020-28038

Description

WordPress before 5.5.2 allows stored XSS via post slugs.

How to fix CVE-2020-28038

To remediate CVE-2020-28038, upgrade the affected package to a fixed version below.

• Bitnami/wordpress—upgrade to 5.5.2 or later
• Bitnami/wordpress-multisite—upgrade to 5.5.2 or later
• Debian/wordpress—upgrade to 5.5.3+dfsg1-1 or later

Is CVE-2020-28038 being exploited?

Moderate — EPSS is 17.6%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (3)

• from 0, < 5.5.2
• from 0, < 5.5.2
• from 0, < 5.5.3+dfsg1-1

CVSS scores

References (9)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2020-28038
• WEBblog.ripstech.com
• WEBlists.debian.org/debian-lts-announce/2020/11/msg00004.html
• WEBlists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/