PT-2020-3604 · WordPress · Wordpress

Nguyen The Duc · Published 2020-04-30 · Updated 2024-03-06 · CVE-2020-11029

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WordPress versions prior to 5.4.1
WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33

Description

A vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This issue is related to insufficient protection measures for web page structures, allowing a remote attacker to impact data integrity.

Recommendations

For versions prior to 5.4.1, update to version 5.4.1 or later to resolve the issue. For versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33, consider updating to a newer version that includes the patch. As a temporary workaround, consider disabling the stats() method in class-wp-object-cache.php until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2020-03939
BIT-WORDPRESS-2020-11029
BIT-WORDPRESS-MULTISITE-2020-11029
CVE-2020-11029
DLA-2208-1
DSA-4677-1
GHSA-568W-8M88-8G2C

Affected Products

Wordpress