CVE-2020-25286

MEDIUM5.3EPSS 0.58%

wordpress - security update

發布日:2020/9/13修改日:2026/5/27

描述

In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public.

受影響套件(4)

Bitnami/wordpressfrom 0, < 5.4.2
Bitnami/wordpress-multisitefrom 0, < 5.4.2
Debian/wordpressfrom 0, < 5.4.2+dfsg1-1
Debian/wordpressfrom 0, < 5.0.10+dfsg1-0+deb10u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-25286
WEBhttps://core.trac.wordpress.org/changeset/47984
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-25286
WEBhttps://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/