CVE-2020-4046

< back to advisories

CVE ID – CVE-2020-4046

CVSS SCORE – 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

AFFECTED VENDORS – WordPress

AFFECTED PRODUCTS – Version 5.4 and earlier

VULNERABILITY DETAILS – an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor

ADVICE – Pentest recommend updating to version 5.4.2 to address the vulnerability

CREDIT – Sam Thomas 

read the indepth research on CVE-2020-4046 >

How can we support you?

Contact our team today to find out how we can help support your organization.

Contact us >
CREST | Pentest Limited
OSCP

/contact

Twitter Linkedin Github Youtube

/services

/about

/links

Pentest Limited is registered in England and Wales with company number 11925182

Registered address: 22 Great James Street, London, WC1N 3ES

VAT registration No: 331802826​

© Pentest Limited 2022. All rights reserved.