CVE-2020-28036

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.

We have discovered 1,236,206 live websites that are affected by CVE-2020-28036.

Run a Free Instant Scan



Affected Software

Product  WordPress
Category Content Management System
Vulnerable Domains1,236,206 live websites (14% of WordPress install base)
Vulnerable Versions
  • from 0 through 5.5.2
Vulnerable Versions Count512 versions ( 78% of all versions)



Details

  • Published - Oct 31, 2020
  • Updated - Aug 4, 2024

Website Distribution by Country

Number of websites using CVE-2020-28036
United States226,432 websites


Japan131,417 websites
Italy110,312 websites
Germany105,006 websites
Russia70,683 websites
France64,146 websites
GB48,864 websites
Poland46,220 websites
Netherlands34,653 websites
Spain30,969 websites

Website Distribution by TLD

Number of websites using CVE-2020-28036
.com463,926 websites
.it71,855 websites
.ru58,299 websites
.de55,789 websites
.org43,337 websites
.net39,910 websites
.pl34,606 websites
.jp28,853 websites
.co.uk28,783 websites
.nl26,828 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2020-28036

Top websites that are affected by CVE-2020-28036. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
************.org Singapore***
****.br Brazil***
*********.net United States***
*********.com Italy*,***
*****.com United States*,***
***********.com United States*,***
****.ch United States*,***
************.org United States*,***
*****.****.br Brazil*,***
****.org United States*,***
See full domain list

FAQ

A total of 1,236,206 websites have been identified as vulnerable to CVE-2020-28036, based on global website indexing conducted by WebTechSurvey.
The WordPress is affected by the CVE-2020-28036 vulnerability.
WordPress versions up to and including 5.5.2 are vulnerable to CVE-2020-28036.