WordPress < 5.4.1 - Cross-Site Scripting (XSS) in wp-object-cache
Description
WordPress' Object Cache, which caches data retrieved from the database, did not validate or encode the cache key. If an attacker could get a malicious cache key stored, and that key was later output by a third-party plugin, the result could be cross-site scripting (XSS). The cache API itself was never an HTML-safe boundary, so plugins that echo keys must escape them regardless of core version.
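The pattern described above, as an added example that is not code from the advisory, from WordPress core or from any real plugin: a hypothetical plugin ("myplugin") reuses a request parameter as an object-cache key and later echoes the stored keys in a debug panel. The vulnerable version sits beside a hardened one. The `esc_html()` and `wp_cache_set()` definitions are stand-ins so the file runs with plain `php` outside WordPress; inside WordPress the real functions of the same name would be used, and `demo_cache_keys()` is a demo-only helper with no WordPress equivalent.

```php
<?php
// Added example, not code from the advisory or from WordPress core.
// A hypothetical plugin ("myplugin") builds an object-cache key straight
// from request input and later echoes the stored keys in a debug panel.
// The stand-ins below let the file run with plain `php` outside WordPress;
// inside WordPress the real wp_cache_set() and esc_html() would be used.

if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {                // stand-in for WP's esc_html()
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'wp_cache_set' ) ) {
    function wp_cache_set( $key, $data, $group = '', $expire = 0 ) {  // stand-in
        $GLOBALS['demo_cache'][ $group ][ $key ] = $data;
        return true;
    }
}
// Demo-only helper: lists the keys stored under a group. A real plugin would
// keep its own list of the keys it has written.
function demo_cache_keys( $group ) {
    return array_keys( $GLOBALS['demo_cache'][ $group ] ?? array() );
}

// Constructed attacker input: a search term that the plugin reuses as a key.
$search = '<img src=x onerror=alert(document.domain)>';

// VULNERABLE: raw input becomes the key; core versions before the fix neither
// validated nor encoded keys, so the payload round-trips through the cache
// and the panel prints it unescaped into HTML.
function vuln_store_search( $term, $results ) {
    wp_cache_set( $term, $results, 'myplugin_search' );
}
function vuln_render_debug_panel() {
    $html = '<ul>';
    foreach ( demo_cache_keys( 'myplugin_search' ) as $key ) {
        $html .= "<li>$key</li>";                // unescaped: XSS
    }
    return $html . '</ul>';
}

// HARDENED: (1) derive the key from untrusted input instead of using it
// verbatim, so only a fixed alphabet ([a-f0-9]) reaches the cache;
// (2) escape on output anyway, because the cache is not an HTML-safe boundary.
function safe_store_search( $term, $results ) {
    $key = 'search_' . md5( $term );
    wp_cache_set( $key, $results, 'myplugin_search_safe' );
    return $key;
}
function safe_render_debug_panel() {
    $html = '<ul>';
    foreach ( demo_cache_keys( 'myplugin_search_safe' ) as $key ) {
        $html .= '<li>' . esc_html( $key ) . '</li>';
    }
    return $html . '</ul>';
}

vuln_store_search( $search, array() );
safe_store_search( $search, array() );
echo "Vulnerable panel:\n", vuln_render_debug_panel(), "\n\n";
echo "Hardened panel:\n", safe_render_debug_panel(), "\n";
```

Run with `php example.php`: the vulnerable panel prints the `<img ... onerror=...>` tag literally into the list, while the hardened panel prints only `search_<hex digest>`. With a persistent object-cache drop-in (Redis, memcached) the poisoned key also survives beyond the request that wrote it, so the issue becomes stored rather than reflected; either way the two fixes shown (derive the key, escape the output) are the plugin's responsibility and do not depend on the core version.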

Affects WordPresses

One entry per release branch; earlier releases in the branch are fixed in the version listed.

fixed in version 5.4.1
fixed in version 5.3.3
fixed in version 5.2.6
fixed in version 5.1.5
fixed in version 5.0.9
fixed in version 4.9.14
fixed in version 4.8.13
fixed in version 4.7.17
fixed in version 4.6.18
fixed in version 4.5.21
fixed in version 4.4.22
fixed in version 4.3.23
fixed in version 4.2.27
fixed in version 4.1.30
fixed in version 4.0.30
fixed in version 3.9.31
fixed in version 3.8.33
fixed in version 3.7.33
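A version check against the fix table above, as an added example that is not part of the WPScan entry: a POSIX sh helper that takes a WordPress version string (for instance the output of WP-CLI's `wp core version`; WP-CLI being available is an assumption) and reports whether that release is at or past the first fixed release of its own branch. Branches newer than 5.4 are treated as fixed, and branches older than 3.7, for which the page lists no fix, as unfixed.

```shell
#!/bin/sh
# Added example, not part of the WPScan entry. Given a WordPress version
# string (for example the output of WP-CLI's `wp core version`), report whether
# that release is at or past the first fixed release of its own branch, using
# the per-branch fix versions listed on this page. Exit status: 0 = fixed,
# 1 = vulnerable or a branch with no listed fix.

# fix_version_for_branch MAJOR.MINOR : prints the first fixed release, or fails.
fix_version_for_branch() {
    case "$1" in
        5.4) echo 5.4.1 ;;  5.3) echo 5.3.3 ;;  5.2) echo 5.2.6 ;;
        5.1) echo 5.1.5 ;;  5.0) echo 5.0.9 ;;  4.9) echo 4.9.14 ;;
        4.8) echo 4.8.13 ;; 4.7) echo 4.7.17 ;; 4.6) echo 4.6.18 ;;
        4.5) echo 4.5.21 ;; 4.4) echo 4.4.22 ;; 4.3) echo 4.3.23 ;;
        4.2) echo 4.2.27 ;; 4.1) echo 4.1.30 ;; 4.0) echo 4.0.30 ;;
        3.9) echo 3.9.31 ;; 3.8) echo 3.8.33 ;; 3.7) echo 3.7.33 ;;
        *)   return 1 ;;
    esac
}

# version_ge A B : succeeds when A >= B, comparing dot-separated numeric
# fields left to right; a missing field counts as 0 ("5.4" == "5.4.0").
version_ge() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        a="${a#*.}";  b="${b#*.}"
        x="${x:-0}";  y="${y:-0}"
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# wp_fixed_for_cve_2020_11029 VERSION : 0 if fixed, 1 otherwise.
wp_fixed_for_cve_2020_11029() {
    ver=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')   # drop "-RC1", "-beta2", ...
    case "$ver" in
        *.*) major="${ver%%.*}"; rest="${ver#*.}"; minor="${rest%%.*}" ;;
        *)   major="$ver"; minor=0 ;;
    esac
    branch="$major.$minor"
    # Anything from 5.5 onward was released after the fix.
    version_ge "$branch" 5.5 && return 0
    fixed=$(fix_version_for_branch "$branch") || return 1   # older than 3.7: no fix listed
    version_ge "$ver" "$fixed"
}

# Usage: sh check_cve_2020_11029.sh "$(wp core version)"
if [ -n "${1:-}" ]; then
    if wp_fixed_for_cve_2020_11029 "$1"; then
        echo "$1: at or past the fixed release for its branch"
    else
        echo "$1: vulnerable (or no fix listed for this branch)"
    fi
fi
```

The numeric field-by-field compare is used instead of `sort -V` so the script behaves the same on BSD and GNU userlands; pre-release suffixes such as `-RC1` are stripped before comparing, so treat a release candidate of a fixed version as fixed only if that matches your patch policy.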

References

CVE 2020-11029
URL https://wordpress.org/news/2020/04/wordpress-5-4-1/
URL https://core.trac.wordpress.org/changeset/47637/
URL https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
URL https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Nick Daugherty from WordPress VIP / WordPress Security Team
Submitter Ryan
Views 2176
Verified No
WPVDB ID 10205

Timeline

Publicly Published 2020-04-29
Added 2020-04-30
Last Updated 2020-05-02