Candidate: CVE-2020-11028
PublicDate: 2020-04-30 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11028
 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w
 https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
Description:
 In affected versions of WordPress, some private posts, which were
 previously public, can result in unauthenticated disclosure under a
 specific set of conditions. This has been patched in version 5.4.1, along
 with all the previously affected versions via a minor release (5.3.3,
 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22,
 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_wordpress:
upstream_wordpress: released (5.4.2+dfsg1-1, 5.3.3, 4.9.14, 4.4.22, 3.8.33)
precise/esm_wordpress: DNE
trusty_wordpress: ignored (out of standard support)
trusty/esm_wordpress: DNE
xenial_wordpress: ignored (end of standard support, was needed)
bionic_wordpress: needed
eoan_wordpress: ignored (reached end-of-life)
focal_wordpress: needed
groovy_wordpress: ignored (reached end-of-life)
hirsute_wordpress: ignored (reached end-of-life)
impish_wordpress: needed
jammy_wordpress: needed
devel_wordpress: needed