{"containers": {"cna": {"affected": [{"product": "WordPress", "vendor": "WordPress", "versions": [{"status": "affected", "version": ">= 5.4.0, < 5.4.1"}, {"status": "affected", "version": ">= 5.3.0, < 5.3.3"}, {"status": "affected", "version": ">= 5.2.0, < 5.2.6"}, {"status": "affected", "version": ">= 5.1.0, < 5.1.5"}, {"status": "affected", "version": ">= 5.0.0, < 5.0.9"}, {"status": "affected", "version": ">= 4.9.0, < 4.9.14"}, {"status": "affected", "version": ">= 4.8.0, < 4.8.13"}, {"status": "affected", "version": ">= 4.7.0, < 4.7.17"}, {"status": "affected", "version": ">= 4.6.0, < 4.6.18"}, {"status": "affected", "version": ">= 4.5.0, < 4.5.21"}, {"status": "affected", "version": ">= 4.4.0, < 4.4.22"}, {"status": "affected", "version": ">= 4.3.0, < 4.3.23"}, {"status": "affected", "version": ">= 4.2.0, < 4.2.27"}, {"status": "affected", "version": ">= 4.1.0, < 4.1.30"}, {"status": "affected", "version": ">= 4.0.0, < 4.0.30"}, {"status": "affected", "version": ">= 3.9.0, < 3.9.31"}, {"status": "affected", "version": ">= 3.8.0, < 3.8.33"}, {"status": "affected", "version": ">= 3.7.0, < 3.7.33"}]}], "descriptions": [{"lang": "en", "value": "In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-05-11T15:06:02", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w"}, {"name": "DSA-4677", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4677"}, {"name": "[debian-lts-announce] 20200511 [SECURITY] [DLA 2208-1] wordpress security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html"}], "source": {"advisory": "GHSA-xhx9-759f-6p2w", "discovery": "UNKNOWN"}, "title": "Unauthenticated disclosure of certain private posts in WordPress", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-11028", "STATE": "PUBLIC", "TITLE": "Unauthenticated disclosure of certain private posts in WordPress"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WordPress", "version": {"version_data": [{"version_value": ">= 5.4.0, < 5.4.1"}, {"version_value": ">= 5.3.0, < 5.3.3"}, {"version_value": ">= 5.2.0, < 5.2.6"}, {"version_value": ">= 5.1.0, < 5.1.5"}, {"version_value": ">= 5.0.0, < 5.0.9"}, {"version_value": ">= 4.9.0, < 4.9.14"}, {"version_value": ">= 4.8.0, < 4.8.13"}, {"version_value": ">= 4.7.0, < 4.7.17"}, {"version_value": ">= 4.6.0, < 4.6.18"}, {"version_value": ">= 4.5.0, < 4.5.21"}, {"version_value": ">= 4.4.0, < 4.4.22"}, {"version_value": ">= 4.3.0, < 4.3.23"}, {"version_value": ">= 4.2.0, < 4.2.27"}, {"version_value": ">= 4.1.0, < 4.1.30"}, {"version_value": ">= 4.0.0, < 4.0.30"}, {"version_value": ">= 3.9.0, < 3.9.31"}, {"version_value": ">= 3.8.0, < 3.8.33"}, {"version_value": ">= 3.7.0, < 3.7.33"}]}}]}, "vendor_name": "WordPress"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284: Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates", "refsource": "MISC", "url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"}, {"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w", "refsource": "CONFIRM", "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w"}, {"name": "DSA-4677", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4677"}, {"name": "[debian-lts-announce] 20200511 [SECURITY] [DLA 2208-1] wordpress security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html"}]}, "source": {"advisory": "GHSA-xhx9-759f-6p2w", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:21:14.277Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w"}, {"name": "DSA-4677", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4677"}, {"name": "[debian-lts-announce] 20200511 [SECURITY] [DLA 2208-1] wordpress security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-11028", "datePublished": "2020-04-30T22:15:23", "dateReserved": "2020-03-30T00:00:00", "dateUpdated": "2024-08-04T11:21:14.277Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E79CBDF-EE25-487C-8276-74F4928ECDFF", "versionEndExcluding": "5.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."}, {"lang": "es", "value": "En las versiones afectadas de WordPress, algunas publicaciones privadas, que anteriormente eran p\u00fablicas, pueden resultar en una divulgaci\u00f3n no autenticada bajo un conjunto espec\u00edfico de condiciones. Esto ha sido corregido en la versi\u00f3n 5.4.1, junto con todas las versiones afectadas anteriormente mediante una versi\u00f3n menor (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."}], "id": "CVE-2020-11028", "lastModified": "2024-11-21T04:56:37.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-30T23:15:11.683", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4677"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}