Unrated severityNVD Advisory· Published Oct 31, 2020· Updated Aug 4, 2024
CVE-2020-28037
CVE-2020-28037
Description
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- WordPress/WordPressdescription
- osv-coords2 versions
< 5.5.2+ 1 more
- (no CPE)range: < 5.5.2
- (no CPE)range: < 5.5.2
Patches
Vulnerability mechanics
References
8- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/mitrevendor-advisoryx_refsource_FEDORA
- www.debian.org/security/2020/dsa-4784mitrevendor-advisoryx_refsource_DEBIAN
- github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07cmitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/11/msg00004.htmlmitremailing-listx_refsource_MLIST
- wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/mitrex_refsource_MISC
- wpscan.com/vulnerability/10450mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.