CVE-2019-20042
Severity: MEDIUM
WAF Coverage: High
CVSS 6.1
Published: 2019-12-27
CWE-79
In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.
WAF Coverage Analysis
Cross-Site Scripting (XSS)
High WAF Coverage
OWASP: A03:2021 Injection
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| wordpress | wordpress | 3.7 - 5.3.1 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
References
- blog.ripstech.com (Not Applicable)
- core.trac.wordpress.org (Patch)
- github.com (Patch)
- github.com (Third Party Advisory)
- hackerone.com (Third Party Advisory)
- seclists.org (Mailing List, Third Party Advisory)
- wordpress.org (Release Notes, Vendor Advisory)
- wpvulndb.com (Release Notes, Third Party Advisory)
- www.debian.org (Third Party Advisory)