CVE-2021-29450

CVE Database · CVE-2021-29450

CVE-2021-29450

· MEDIUMModified

CVSS v3.1

6.5

EPSS

2.33%

Published

Apr 15, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-200

Affected Products (3)

wordpress · wordpress (up to 5.7.1)vulnerable

debian · debian_linuxvulnerable

References (8)

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/04/msg00017.html

Mailing ListThird Party Advisory