Jonathan Desrosiers

9 exploits Active since Jun 2020
CVE-2020-28032 WRITEUP CRITICAL
WordPress < 5.5.2 - Deserialization of Untrusted Data in FilteredIterator
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.
CVSS 9.8
CVE-2022-21661 WRITEUP HIGH
WordPress 3.7-3.7.36 - SQL Injection via WP_Query
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, SQL injection is possible in some cases through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases going back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
CVSS 8.0
CVE-2020-28036 WRITEUP CRITICAL
WordPress < 5.5.2 - Missing Authorization via XML-RPC Comment
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.
CVSS 9.8
CVE-2020-28037 WRITEUP CRITICAL
WordPress < 5.5.2 - Remote Code Execution via Improper Installation Check
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).
CVSS 9.8
CVE-2020-28039 WRITEUP CRITICAL
WordPress < 5.5.2 - Arbitrary File Deletion via Improper Meta Key Protection
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
CVSS 9.1
CVE-2020-4047 WRITEUP MEDIUM
WordPress 3.7-5.4.1 - Authenticated Stored Cross-Site Scripting via Media File Attachment
In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
CVSS 6.8
CVE-2020-4048 WRITEUP MEDIUM
WordPress 3.7-3.7.33 - Open Redirect via URL Sanitization Issue
In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
CVSS 5.7
CVE-2020-4049 WRITEUP LOW
WordPress 3.7-5.4.1 - Stored Cross-Site Scripting via Theme Folder Name
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
CVSS 2.4
CVE-2020-4050 WRITEUP LOW
WordPress 3.7-5.4.1 - Arbitrary User Meta Field Injection via set-screen-option Filter Misuse
In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
CVSS 3.5