ThreatPress

WordPress Vulnerabilities Database

WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass vulnerability

Product
WordPress
Description
A wp_kses_bad_protocol() colon bypass vulnerability was found by the WordPress.org Security Team in WordPress (versions <= 5.3).
Solution
Update WordPress to the latest available version (at least 5.3.1).
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
Version log
CVE
Name: CVE-2019-20041
Versions
Affected In: <= 5.3
Fixed In: 5.3.1
Disclosure date
2020-01-06
Credits
WordPress.org Security Team
Submitter
ThreatPress