CVE-2020-13487

4.8MEDIUM

Key Information:

Vendor
Wordpress
Status
Bbpress
Vendor
CVE Published:
26 May 2020

Summary

The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.

References

https://codex.bbpress.org/releases/
x_refsource_MISC
https://wordpress.org/plugins/bbpress/#developers
x_refsource_MISC
https://bbpress.org/
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.