CVE CVE-2020-11030 Mappings

In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).


Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2020-11030 WordPress primary_impact T1059.007 JavaScript
CVE-2020-11030 WordPress secondary_impact T1557 Man-in-the-Middle
CVE-2020-11030 WordPress exploitation_technique T1204.001 Malicious Link