Beta

Report

Drupal 7.0.0-7.69,8.0.0-8.7.13,8.8.0-8.8.5 is vulnerable to Unauthenticated Content Injection vulnerability

Unauthenticated
Published
2020-05-19

The jQuery Manager for WordPress plugin for WordPress is running a vulnerable version of jQuery in all versions up to, and including, 1.10.4 and the Enable jQuery Migrate Helper for WordPress is running a vulnerable version of jQuery in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to malicious web scripts, though it is not verified that the plugin is exploitable through CVE-2020-11023.

CVE

https://www.cve.org/CVERecord?id=CVE-2020-11023

CVSS

Score:6.1

Severity:Medium

Version:7.0.0-7.69,8.0.0-8.7.13,8.8.0-8.8.5

There is a patch available in v7.70,8.7.14,8.8.6 and we strongly recommend you update to this version as soon as possible.