WordPress < 5.4.2 - Authenticated XSS via Theme Upload
Description
Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.

Affects WordPresses

fixed in version 5.4.2
fixed in version 5.3.4
fixed in version 5.2.7
fixed in version 5.1.6
fixed in version 5.0.10
fixed in version 4.9.15
fixed in version 4.8.14
fixed in version 4.7.18
fixed in version 4.6.19
fixed in version 4.5.22
fixed in version 4.4.23
fixed in version 4.3.24
fixed in version 4.2.28
fixed in version 4.1.31
fixed in version 4.0.31
fixed in version 3.9.32
fixed in version 3.8.34
fixed in version 3.7.34

References

CVE CVE-2020-4049
URL https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
URL https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Nrimo Ing Pandum
Views 1619
Verified No
WPVDB ID 10266

Timeline

Publicly Published 2020-06-11
Added 2020-06-11
Last Updated 2020-06-13