Search for vulnerabilities
| Vulnerability ID | VCID-1by8-54pr-ubcw |
| Aliases |
CVE-2020-4046
|
| Summary | In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 0.1 |
| Risk | 0.1 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| epss | 0.06854 | https://api.first.org/data/v1/epss?cve=CVE-2020-4046 |
| epss | 0.06854 | https://api.first.org/data/v1/epss?cve=CVE-2020-4046 |
| epss | 0.06854 | https://api.first.org/data/v1/epss?cve=CVE-2020-4046 |
| epss | 0.06854 | https://api.first.org/data/v1/epss?cve=CVE-2020-4046 |
| epss | 0.06854 | https://api.first.org/data/v1/epss?cve=CVE-2020-4046 |
| epss | 0.06854 | https://api.first.org/data/v1/epss?cve=CVE-2020-4046 |
| epss | 0.06854 | https://api.first.org/data/v1/epss?cve=CVE-2020-4046 |
| epss | 0.06854 | https://api.first.org/data/v1/epss?cve=CVE-2020-4046 |
| epss | 0.06854 | https://api.first.org/data/v1/epss?cve=CVE-2020-4046 |
| Percentile | 0.91313 |
| EPSS Score | 0.06854 |
| Published At | April 1, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-04-01T16:34:26.713136+00:00 | Debian Oval Importer | Import | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.0.0 |