CVE-2021-39200

CVE Database · CVE-2021-39200

CVE-2021-39200

· MEDIUMModified

CVSS v3.1

5.3

EPSS

2.05%

Published

Sep 9, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-200

Affected Products (3)

wordpress · wordpress (up to 5.8.1)vulnerable

debian · debian_linuxvulnerable

References (6)

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5

Third Party Advisory

https://hackerone.com/reports/1142140

Permissions Required