CVE-2020-28040

MEDIUM

Wordpress < 5.5.2 - CSRF

Title source: rule

Description

WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.

References (7)

Scores

CVSS v3 4.3
EPSS 0.0031
EPSS Percentile 53.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Classification

CWE
CWE-352
Status published

Affected Products (6)

wordpress/wordpress < 5.5.2
debian/debian_linux
debian/debian_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux

Timeline

Published Nov 02, 2020
Tracked Since Feb 18, 2026