Medium severity6.4NVD Advisory· Published Apr 30, 2020· Updated Jun 17, 2026
CVE-2020-11030
CVE-2020-11030
Description
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4(expand)+ 1 more
- (no CPE)
- (no CPE)range: >= 5.4.0, < 5.4.1
- osv-coords2 versions
< 5.4.1+ 1 more
- (no CPE)range: < 5.4.1
- (no CPE)range: < 5.4.1
Patches
Vulnerability mechanics
References
3- github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjhnvdThird Party Advisory
- wordpress.org/support/wordpress-version/version-5-4-1/nvdRelease NotesVendor Advisory
- www.debian.org/security/2020/dsa-4677nvdThird Party Advisory
News mentions
0No linked articles in our index yet.