CVE-2020-11028 MEDIUM

CVE-2020-11028: Unauthenticated disclosure of certain private posts in WordPress

Vendor Wordpress
Product WordPress
Weakness CWE-284
Published April 30, 2020
Last update August 4, 2024
View on NVD All CVEs

CVSS base score

5.8/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

Key dates

02Disclosure timeline

April 30, 2020 CVE published
August 4, 2024 Record updated