QwikSec

Security Database

CVE

CWE

Training

CVE-2020-28037

Published: Oct 31, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/

x_refsource_MISC

https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c

x_refsource_MISC

https://wpscan.com/vulnerability/10450

x_refsource_MISC

[debian-lts-announce] 20201103 [SECURITY] [DLA 2429-1] wordpress security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

FEDORA-2020-15e15c35da

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-a764b11b52

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-b386fac43a

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.