CVE-2020-4050

Priority
Description
In affected versions of WordPress, misuse of the `set-screen-option`
filter's return value allows arbitrary user meta fields to be saved. It
does require an admin to install a plugin that would misuse the filter.
Once installed, it can be leveraged by low-privileged users. This has been
patched in version 5.4.2, along with all the previously affected versions
via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18,
4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34,
3.7.34).
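The misuse described above, next to a scoped callback, as an added example that is not part of this tracker entry or of WordPress's own code. `model_save_screen_option()` is a simplified stand-in for the core handler, and the option names, value range and submissions are constructed for illustration.

```php
<?php
// Simplified model (an assumption for this example, not WordPress core code):
// the handler passes false as the filter's starting value, stores nothing if
// false comes back, and otherwise saves the result as user meta under $option.
function model_save_screen_option(callable $filter, array &$user_meta, string $option, $value): bool
{
    $result = $filter(false, $option, $value);
    if ($result === false) {
        return false;
    }
    $user_meta[$option] = $result;
    return true;
}

const MY_PLUGIN_OPTION = 'my_plugin_items_per_page'; // hypothetical option name

// Misuse: approves every option name by returning the submitted value.
$misusing = function ($status, $option, $value) {
    return $value;
};

// Scoped: answers only for the plugin's own option and validates the value;
// anything else gets the incoming $status back unchanged.
$scoped = function ($status, $option, $value) {
    if ($option !== MY_PLUGIN_OPTION) {
        return $status;
    }
    $n = (int) $value;
    return ($n >= 1 && $n <= 200) ? $n : $status;
};

// Constructed submissions: one for the plugin's option, one for another key.
$submissions = [
    [MY_PLUGIN_OPTION, '50'],
    ['unrelated_meta_key', 'anything'],
];

foreach (['misusing' => $misusing, 'scoped' => $scoped] as $name => $callback) {
    $user_meta = [];
    foreach ($submissions as [$option, $value]) {
        model_save_screen_option($callback, $user_meta, $option, $value);
    }
    printf("%-8s callback saved: %s\n", $name, implode(', ', array_keys($user_meta)));
}
// In a plugin the callback is registered with
// add_filter('set-screen-option', $scoped, 10, 3);
```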
Notes
Package
Upstream: released (5.4.2+dfsg1-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): needs-triage
Ubuntu 20.04 LTS (Focal Fossa): needs-triage
Ubuntu 20.10 (Groovy Gorilla): needs-triage
More Information

Updated: 2020-10-24 07:05:07 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)