CVE-2020-28037

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2

Description: The issue is related to the is blog installed function in wp-includes/functions.php, which improperly checks if WordPress is already installed. This could allow a remote attacker to perform a new installation, leading to remote code execution and potentially causing a denial of service for the old installation.

Recommendations: For versions prior to 5.5.2, update to version 5.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the is blog installed function in wp-includes/functions.php to minimize the risk of exploitation.

Fix

DoS

RCE

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754CWE-20

Related Identifiers

BDU:2021-01738

BIT-WORDPRESS-2020-28037

BIT-WORDPRESS-MULTISITE-2020-28037

CVE-2020-28037

DLA-2429-1

DSA-4784-1

Affected Products

Wordpress

CVE-2020-28037

Weakness Enumeration

Related Identifiers

Affected Products

References · 25