CVE-2020-28035

CRITICAL

WordPress <5.5.2 - Privilege Escalation

Title source: llm

WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.

Core 6

Core References

Release Notes, Vendor Advisory x_refsource_misc

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

Third Party Advisory vendor-advisory x_refsource_debian

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

CVSS v3 9.8

EPSS 0.0656

EPSS Percentile 91.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Status published

Products (5)

debian/debian_linux 10.0

fedoraproject/fedora 31

fedoraproject/fedora 32

fedoraproject/fedora 33

wordpress/wordpress < 5.5.2

Published Nov 02, 2020

Tracked Since Feb 18, 2026