WRITEUP

WRITEUP

Exploit for CVE-2020-4050 - WordPress <5.4.2 - Info Disclosure

AI Analysis

This patch introduces a new filter in WordPress to extend the set-screen-option functionality, addressing a vulnerability where unauthorized screen options could be set. The change adds a conditional check for specific option patterns and applies a filter to validate or reject the option value.

Attack Type

auth_bypass

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Type patch

Files 1

https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920

Authors

Jonathan Desrosiers

Vulnerability

CVE-2020-4050

WordPress <5.4.2 - Info Disclosure

LOW

CVSS 3.5