QwikSec

Security Database

CVE

CWE

Training

CVE-2019-20042

Published: Dec 27, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wpvulndb.com/vulnerabilities/9975

x_refsource_MISC

https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/

x_refsource_MISC

https://core.trac.wordpress.org/changeset/46894/trunk

x_refsource_MISC

https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d

x_refsource_MISC

https://blog.ripstech.com/filter/vulnerabilities/

x_refsource_MISC

20200108 [SECURITY] [DSA 4599-1] wordpress security update

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_DEBIAN

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7

x_refsource_CONFIRM

https://hackerone.com/reports/509930

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.