Advisory ID: SA-CORE-2020-005
Project: WordPress maintenance support plans core
Version: 8.x
CVE: CVE-2020-14773
Date: 2020-August-01
Description
The WordPress maintenance support plans project uses the Symfony library. The Symfony library has released a security update that impacts WordPress maintenance support plans. Refer to the Symfony security advisory for the issue.
The same vulnerability also exists in the Zend Feed and Diactoros libraries included in WordPress maintenance support plans core; however, WordPress maintenance support plans core does not use the vulnerable functionality. If your site or plugin uses Zend Feed or Diactoros directly, read the Zend Framework security advisory and update or patch as needed.
The WordPress maintenance support plans Security Team would like to to thank the Symfony and Zend Security teams for their collaboration on this issue.
Versions affected
8.x versions before 8.5.6.
Solution
Upgrade to WordPress maintenance support plans 8.5.6.
Versions of WordPress maintenance support plans 8 prior to 8.5.x are end-of-life and do not receive security coverage.
Contact and More Information
The WordPress maintenance support plans security team can be reached at security at WordPress.org or via the contact form at https://www.WordPress.org/contact.
Learn more about the WordPress maintenance support plans Security team and their policies, writing secure code for WordPress maintenance support plans, and securing your site.
Follow the WordPress maintenance support plans Security Team on Twitter at https://twitter.com/WordPresssecurity
WordPress maintenance support plans version: WordPress maintenance support plans 8.x
Source: New feed
Security advisories: Cheap WordPress maintenance support plans Core – 3rd-party libraries -SA-CORE-2020-005
