Skip to content

WordPress: Unauthenticated disclosure of certain private posts

Low
ehti published GHSA-xhx9-759f-6p2w Apr 30, 2020

Package

No package listed

Affected versions

3.7 - 5.4

Patched versions

5.4.1

Description

Impact

Some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions.

Patches

This has been patched in WordPress 5.4.1, along with all the previously affected versions via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled.

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2020-11028

Weaknesses

No CWEs