"-Synchronized-Data."

2025-06-12 02:05:39 +00:00 · 2020-06-12 17:01:31 +00:00 · 2020-06-12 17:01:31 +00:00 · 45b3da52ae
commit 45b3da52ae
parent 7e8bfe6618
4 changed files with 24 additions and 24 deletions
--- a/2020/4xxx/CVE-2020-4047.json
+++ b/2020/4xxx/CVE-2020-4047.json
@ -86,7 +86,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them.\n\nThis has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34)."
+                "value": "In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34)."
            }
        ]
    },
@ -120,6 +120,11 @@
    },
    "references": {
        "reference_data": [
+            {
+                "name": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/",
+                "refsource": "MISC",
+                "url": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/"
+            },
            {
                "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27",
                "refsource": "CONFIRM",
@ -129,11 +134,6 @@
                "name": "https://github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f",
                "refsource": "MISC",
                "url": "https://github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f"
-            },
-            {
-                "name": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/",
-                "refsource": "MISC",
-                "url": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/"
            }
        ]
    },
--- a/2020/4xxx/CVE-2020-4048.json
+++ b/2020/4xxx/CVE-2020-4048.json
@ -86,7 +86,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked.\n\nThis has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).  "
+                "value": "In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34)."
            }
        ]
    },
@ -120,6 +120,11 @@
    },
    "references": {
        "reference_data": [
+            {
+                "name": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/",
+                "refsource": "MISC",
+                "url": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/"
+            },
            {
                "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5",
                "refsource": "CONFIRM",
@ -129,11 +134,6 @@
                "name": "https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693",
                "refsource": "MISC",
                "url": "https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693"
-            },
-            {
-                "name": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/",
-                "refsource": "MISC",
-                "url": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/"
            }
        ]
    },
--- a/2020/4xxx/CVE-2020-4049.json
+++ b/2020/4xxx/CVE-2020-4049.json
@ -86,7 +86,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS.\n\nThis has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).  "
+                "value": "In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34)."
            }
        ]
    },
@ -120,6 +120,11 @@
    },
    "references": {
        "reference_data": [
+            {
+                "name": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/",
+                "refsource": "MISC",
+                "url": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/"
+            },
            {
                "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p",
                "refsource": "CONFIRM",
@ -129,11 +134,6 @@
                "name": "https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148",
                "refsource": "MISC",
                "url": "https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148"
-            },
-            {
-                "name": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/",
-                "refsource": "MISC",
-                "url": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/"
            }
        ]
    },
--- a/2020/4xxx/CVE-2020-4050.json
+++ b/2020/4xxx/CVE-2020-4050.json
@ -86,7 +86,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users.\n\nThis has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34)."
+                "value": "In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34)."
            }
        ]
    },
@ -120,6 +120,11 @@
    },
    "references": {
        "reference_data": [
+            {
+                "name": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/",
+                "refsource": "MISC",
+                "url": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/"
+            },
            {
                "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc",
                "refsource": "CONFIRM",
@ -129,11 +134,6 @@
                "name": "https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920",
                "refsource": "MISC",
                "url": "https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920"
-            },
-            {
-                "name": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/",
-                "refsource": "MISC",
-                "url": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/"
            }
        ]
    },