CVE-2020-28033: WordPress before 5.5.2 mishandles embeds… Posted on November 1, 2020 by Autobot WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. View Original Source Source