CVE-2020-28036

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2

Description: The issue is related to a lack of privilege management mechanism in the wp-includes/class-wp-xmlrpc-server.php component of the WordPress content management system. This allows attackers to gain privileges by using XML-RPC to comment on a post, potentially enabling remote attackers to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations: For versions prior to 5.5.2, update to version 5.5.2 or later to resolve the issue. As a temporary workaround, consider disabling the XML-RPC functionality until a patch is available. Restrict access to the wp-includes/class-wp-xmlrpc-server.php component to minimize the risk of exploitation.