PT-2020-3603 · WordPress · Wordpress

Nguyen The Duc · Published 2020-04-30 · Updated 2024-03-06 · CVE-2020-11028

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

WordPress versions prior to 5.4.1; WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33
Description

In affected versions of WordPress, some private posts that were previously public can be disclosed to unauthenticated users under a specific set of conditions. The vulnerability lies in the `parse_query` method in the class-wp-query.php file and stems from missing protection of service data. It may allow a remote attacker to gain access to confidential data.
Recommendations

For versions prior to 5.4.1, update to version 5.4.1 or later to resolve the issue. For versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33, consider updating to a newer version that includes the security patch. As a temporary workaround, consider restricting access to private posts until the issue is resolved.

Fix

Weakness Enumeration

Improper Access Control
Missing Authentication
Information Disclosure

Related Identifiers

BDU:2020-03938
BIT-WORDPRESS-2020-11028
BIT-WORDPRESS-MULTISITE-2020-11028
CVE-2020-11028
DLA-2208-1
DSA-4677-1
GHSA-XHX9-759F-6P2W

Affected Products

Wordpress