set-screen-option filter misuse by plugins leading to privilege escalation in WordPress

CVE-2020-4050

3.5LOW

Key Information

Vendor: WordPress
Status: WordPress-develop
Vendor: CVE Published:; 12 June 2020

Summary

In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

Affected Version(s)

wordpress-develop < 5.4.0, 5.4.2

wordpress-develop < 5.3.0, 5.3.4

wordpress-develop < 5.2.0, 5.2.7

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Risk change from: 3.1 to: 3.5 - (LOW)
Feb 22, 2024
Vulnerability published.
Jun 12, 2020
Vulnerability Reserved.
Dec 30, 2019

Collectors

NVD DatabaseMitre Database