Unrated severityNVD Advisory· Published Oct 31, 2020· Updated Aug 4, 2024
CVE-2020-28039
CVE-2020-28039
Description
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- WordPress/WordPressdescription
- osv-coords2 versions
< 5.5.2+ 1 more
- (no CPE)range: < 5.5.2
- (no CPE)range: < 5.5.2
Patches
Vulnerability mechanics
References
8- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/mitrevendor-advisoryx_refsource_FEDORA
- www.debian.org/security/2020/dsa-4784mitrevendor-advisoryx_refsource_DEBIAN
- github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705admitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/11/msg00004.htmlmitremailing-listx_refsource_MLIST
- wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/mitrex_refsource_MISC
- wpscan.com/vulnerability/10452mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.