{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T14:02:32.445","vulnerabilities":[{"cve":{"id":"CVE-2020-11025","sourceIdentifier":"security-advisories@github.com","published":"2020-04-30T22:15:11.887","lastModified":"2024-11-21T04:56:36.933","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."},{"lang":"es","value":"En las versiones afectadas de WordPress, una vulnerabilidad de tipo cross-site scripting (XSS) en la sección de navegación de Customizer permite que un código JavaScript sea ejecutado. La explotación requiere un usuario autenticado. Esto ha sido corregido en la versión 5.4.1, junto con todas las versiones afectadas anteriormente por medio de una versión menor (versiones 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33)."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.4.1","matchCriteriaId":"3E2946AF-3079-4F13-A0C0-4424476D3553"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]}],"references":[{"url":"https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4677","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4677","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}