Bitnami package
wordpress
pkg:bitnami/wordpress
Vulnerabilities (63)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-11030 | — | < 5.4.1 | 5.4.1 | Apr 30, 2020 | In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all t | ||
| CVE-2020-11025 | — | >= 4.7.0, < 5.4.1 | 5.4.1 | Apr 30, 2020 | In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected | ||
| CVE-2020-11027 | — | >= 3.7.0, < 3.7.33 | 3.7.33 | Apr 30, 2020 | In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with al |
- CVE-2020-11030Apr 30, 2020affected < 5.4.1fixed 5.4.1
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all t
- CVE-2020-11025Apr 30, 2020affected >= 4.7.0, < 5.4.1fixed 5.4.1
In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected
- CVE-2020-11027Apr 30, 2020affected >= 3.7.0, < 3.7.33fixed 3.7.33
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with al
Page 4 of 4