How severe is CVE-2020-4050?

This vulnerability has a severity rating of LOW with a CVSS score of 3.1 out of 10.

What type of vulnerability is CVE-2020-4050?

This is classified as CWE-288, which is a common weakness in software security.

CVE-2020-4050 - LOW Severity | CVSS 3.1

Vulnerability Description

In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

Related Vulnerabilities

CVE-2024-25036

LOW

CVSS:3.3(Low)

IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.

CWE-2882024

CVE-2023-20247

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker...

CWE-2882023

CVE-2023-30946

MEDIUM

CVSS:4.3(Medium)

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notificati...

CWE-2882023

CVE-2023-4957

MEDIUM

CVSS:4.3(Medium)

A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to chang...

CWE-2882023

CVE-2024-51464

MEDIUM

CVSS:4.3(Medium)

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotel...

CWE-2882024

CVE-2025-32357

MEDIUM

CVSS:4.3(Medium)

In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for.

CWE-2882025