First published: Sat Oct 31 2020
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/wordpress | 5.0.15+dfsg1-0+deb10u1, 5.0.19+dfsg1-0+deb10u1, 5.7.8+dfsg1-0+deb11u2, 6.1.1+dfsg1-1, 6.3.1+dfsg1-1 | |
WordPress WordPress | <5.5.2 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
CVE-2020-28040 is a vulnerability in WordPress before version 5.5.2 that allows CSRF attacks to change a theme's background image.
CVE-2020-28040 has a severity level of 4.3 (medium).
CVE-2020-28040 allows CSRF attacks to change a theme's background image, which could potentially impact the appearance and functionality of a WordPress website.
To fix CVE-2020-28040, users should update their WordPress installations to version 5.5.2 or later, as this version includes a security fix for the vulnerability.
More information about CVE-2020-28040 is available on the official WordPress website, the WPScan blog, and the Debian security tracker.