CVE-2020-28039

CVE-2020-28039

Name

CVE-2020-28039

Description

is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Third Party Advisory	https://wpscan.com/vulnerability/10452
Release Notes	https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
Patch	https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad
Third Party Advisory	https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html
DEBIAN	https://www.debian.org/security/2020/dsa-4784
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/

Type

URI

Third Party Advisory

https://wpscan.com/vulnerability/10452

Release Notes

https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/

Patch

https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html

DEBIAN

https://www.debian.org/security/2020/dsa-4784