CVE-2020-28037
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).
We have discovered 1,236,206 live websites that are affected by CVE-2020-28037.
Affected Software
| Product |  WordPress |
| Category | Content Management System |
| Vulnerable Domains | 1,236,206 live websites (14% of WordPress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 512 versions ( 78% of all versions) |
Details
- Published - Oct 31, 2020
- Updated - Aug 4, 2024
CVE References
Website Distribution by Country
Number of websites using CVE-2020-28037 United States | 226,432 websites |
 Japan | 131,417 websites |
 Italy | 110,312 websites |
 Germany | 105,006 websites |
 Russia | 70,683 websites |
 France | 64,146 websites |
 GB | 48,864 websites |
 Poland | 46,220 websites |
 Netherlands | 34,653 websites |
 Spain | 30,969 websites |
Website Distribution by TLD
Number of websites using CVE-2020-28037| .com | 463,926 websites |
| .it | 71,855 websites |
| .ru | 58,299 websites |
| .de | 55,789 websites |
| .org | 43,337 websites |
| .net | 39,910 websites |
| .pl | 34,606 websites |
| .jp | 28,853 websites |
| .co.uk | 28,783 websites |
| .nl | 26,828 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2020-28037
Top websites that are affected by CVE-2020-28037. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.org |  Singapore | *** | |
| ****.br |  Brazil | *** | |
| *********.net | United States | *** | |
| *********.com | Italy | *,*** | |
| *****.com | United States | *,*** | |
| ***********.com | United States | *,*** | |
| ****.ch | United States | *,*** | |
| ************.org | United States | *,*** | |
| *****.****.br | Brazil | *,*** | |
| ****.org | United States | *,*** |
References
- https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
- https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c
- https://wpscan.com/vulnerability/10450
- https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html
- https://www.debian.org/security/2020/dsa-4784
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/