{"id":"CVE-2020-28040","details":"WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.","aliases":["BIT-wordpress-2020-28040","BIT-wordpress-multisite-2020-28040"],"modified":"2026-05-28T04:05:57.131461012Z","published":"2020-11-02T21:15:31.197Z","database_specific":{"unresolved_ranges":[{"vendor_product":"canonical:ubuntu_linux","source":"CPE_STRING","extracted_events":[{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"20.04"}],"cpes":["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"]},{"vendor_product":"debian:debian_linux","source":"CPE_STRING","extracted_events":[{"last_affected":"9.0"},{"last_affected":"10.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/"},{"type":"ADVISORY","url":"https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html"},{"type":"ADVISORY","url":"https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4784"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wordpress/wordpress","events":[{"introduced":"0"},{"fixed":"e86313b568fbd86fcd8e743a59be939d627c7e0d"}],"database_specific":{"cpe":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"5.5.2"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28040.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/wordpress/wordpress-develop","events":[{"introduced":"0"},{"fixed":"c226f4016f80392aad6524a668f025e8e70b0789"}],"database_specific":{"cpe":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"5.5.2"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28040.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}