[Git][security-tracker-team/security-tracker][master] Add new wordpress issues
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 31 08:20:36 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0fdd9726 by Salvatore Bonaccorso at 2020-10-31T09:20:05+01:00
Add new wordpress issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,21 +1,39 @@
CVE-2020-28040 (WordPress before 5.5.2 allows CSRF attacks that change a theme's backg ...)
- TODO: check
+ - wordpress <unfixed>
+ NOTE: https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28039 (is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 al ...)
- TODO: check
+ - wordpress <unfixed>
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+ NOTE: https://wpscan.com/vulnerability/10452
CVE-2020-28038 (WordPress before 5.5.2 allows stored XSS via post slugs. ...)
- TODO: check
+ - wordpress <unfixed>
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28037 (is_blog_installed in wp-includes/functions.php in WordPress before 5.5 ...)
- TODO: check
+ - wordpress <unfixed>
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+ NOTE: https://wpscan.com/vulnerability/10450
CVE-2020-28036 (wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allow ...)
- TODO: check
+ - wordpress <unfixed>
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+ NOTE: https://wpscan.com/vulnerability/10449
CVE-2020-28035 (WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC ...)
- TODO: check
+ - wordpress <unfixed>
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28034 (WordPress before 5.5.2 allows XSS associated with global variables. ...)
- TODO: check
+ - wordpress <unfixed>
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28033 (WordPress before 5.5.2 mishandles embeds from disabled sites on a mult ...)
- TODO: check
+ - wordpress <unfixed>
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28032 (WordPress before 5.5.2 mishandles deserialization requests in wp-inclu ...)
- TODO: check
+ - wordpress <unfixed>
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+ NOTE: https://wpscan.com/vulnerability/10446
CVE-2020-28031 (eramba through c2.8.1 allows HTTP Host header injection with (for exam ...)
TODO: check
CVE-2020-28030 (In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was ...)
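Review bot: Five of the nine new wordpress entries (CVE-2020-28040, CVE-2020-28038, CVE-2020-28035, CVE-2020-28034, CVE-2020-28033) carry only release-announcement NOTE links and no upstream fix commit. The entries for CVE-2020-28039, CVE-2020-28037, CVE-2020-28036 and CVE-2020-28032 each link a wordpress-develop commit and a wpscan.com/vulnerability page. Without the fixing commit, the first five are harder to triage for backports while they stay at "- wordpress <unfixed>". Consider adding the commit reference once it is identified, or keeping a TODO line on those entries so the gap stays visible. CVE-2020-28040 also points to the blog.wpscan.com release post rather than a per-issue wpscan.com/vulnerability page; align it with the other entries if a per-issue page exists.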
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fdd9726565e3bfa98355d5bfb0d3a59ffbee582