ThreatPress

WordPress Vulnerability Database

Back

WordPress <= 5.5.1 - Bypass Protected Meta That Could Lead To Arbitrary File Deletion vulnerability

Product
WordPress
Description
Bypass Protected Meta That Could Lead To Arbitrary File Deletion vulnerability found by Slavco Mihajloski (mslavco) in WordPress (versions <= 5.5.1).
Solution
Update the WordPress to the latest available version (at least 5.5.2).
Classification
Type BYPASS
OWASP Top 10 A5: Security Misconfiguration
References
Vulnerability fix details
WordPress release information
CVE
Name CVE-2020-28039
Versions
Affected In <= 5.5.1
Fixed In 5.5.2
Disclosure date
2020-10-29
Credits
Slavco Mihajloski (mslavco)