Security Advisory

CVE-2020-11025

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-04-30 22:10:11

Last updated 2024-08-04 11:21:14

Assigner GitHub_M

State PUBLISHED

Description

In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

← Browse all CVEs View on cve.org ↗