PT-2020-3605 · WordPress · Wordpress

Ben Bidner · Published 2020-04-30 · Updated 2024-03-06 · CVE-2020-11030

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

WordPress versions prior to 5.4.1
WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33
Description

The issue is located in the render_block_core_search() function and the rss.php file in WordPress, which do not sufficiently neutralize user-controlled content before writing it into the page. A remote attacker can exploit this to affect data integrity. Exploitation requires an authenticated user with permission to add content. A specially crafted payload can cause script to execute within the search block of the block editor.
Recommendations

For WordPress versions prior to 5.4.1, update to version 5.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the block editor for authenticated users until the update is applied. Avoid using the render_block_core_search() function and the rss.php file until the issue is resolved.
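To make the defect class concrete, here is an added illustration, not WordPress's own code and not the actual 5.4.1 patch: a server-side block render callback in the shape of render_block_core_search() that echoes stored block attributes, first unescaped and then escaped for the HTML context each value lands in. The function names, the fallback escaping helpers and the sample attributes are constructed for this example.

```php
<?php
// Added illustration (not WordPress code): a minimal render callback for a
// "search" block. Block attributes such as label and placeholder are saved
// by the post author and echoed into the page, so any user allowed to add
// content controls them. Fallbacks let this run outside WordPress; inside
// WordPress the real esc_attr()/esc_html() are used instead.
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}

// Vulnerable shape: stored attributes interpolated into markup as-is.
function render_search_block_unescaped(array $attributes): string {
    $input_id = 'wp-block-search__input-1';
    return sprintf(
        '<label for="%1$s" class="wp-block-search__label">%2$s</label>'
        . '<input type="search" id="%1$s" placeholder="%3$s" />',
        $input_id,
        $attributes['label'] ?? 'Search',
        $attributes['placeholder'] ?? ''
    );
}

// Hardened shape: each value escaped for where it lands (HTML text for the
// label, attribute value for the id and placeholder).
function render_search_block_escaped(array $attributes): string {
    $input_id = 'wp-block-search__input-1';
    return sprintf(
        '<label for="%1$s" class="wp-block-search__label">%2$s</label>'
        . '<input type="search" id="%1$s" placeholder="%3$s" />',
        esc_attr($input_id),
        esc_html($attributes['label'] ?? 'Search'),
        esc_attr($attributes['placeholder'] ?? '')
    );
}

// Constructed sample: a label carrying markup, as a saved attribute might.
$attrs = ['label' => 'Search <b>here</b>', 'placeholder' => 'type "a" here'];
echo render_search_block_unescaped($attrs), "\n"; // tags pass through live
echo render_search_block_escaped($attrs), "\n";   // tags rendered as text
```

Run with the PHP CLI; the first line of output shows the stored markup reaching the browser intact, the second shows it neutralized into literal text.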

Fix

Weakness Enumeration

Improper Neutralization
XSS

Related Identifiers

BDU:2020-03940
BIT-WORDPRESS-2020-11030
BIT-WORDPRESS-MULTISITE-2020-11030
CVE-2020-11030
DSA-4677-1
GHSA-VCCM-6GMC-QHJH

Affected Products

Wordpress