CVE-2021-29447
WordPress Authenticated XXE attack when installation is running PHP 8
Severity Score: -
Exploit Likelihood: -
Affected Versions: -
Public Exploits: 15
Exploited in Wild: -
Decision: -
Descriptions
WordPress is an open-source CMS. A user with the ability to upload files (such as an Author) can exploit an XML parsing issue in the Media Library, leading to XXE attacks. This requires the WordPress installation to be running PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, and in the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
WordPress version 5.7 suffers from a Media Library XML external entity injection vulnerability.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-03-30 CVE Reserved
- 2021-04-15 CVE Published
- 2021-08-27 First Exploit
- 2024-08-03 CVE Updated
- 2024-10-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (20)
URL | Tag | Source
---|---|---
http://packetstormsecurity.com/files/163148/XML-External-Entity-Via-MP3-File-Upload-On-WordPress.html | Third Party Advisory |
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/04/msg00017.html | Mailing List |

URL | Date | SRC
---|---|---
https://www.exploit-db.com/exploits/50304 | 2021-09-20 |
https://github.com/motikan2010/CVE-2021-29447 | 2021-10-04 |
https://github.com/0xRar/CVE-2021-29447-PoC | 2023-01-31 |
https://github.com/dnr6419/CVE-2021-29447 | 2022-01-10 |
https://github.com/Abdulazizalsewedy/CVE-2021-29447 | 2022-11-21 |
https://github.com/thomas-osgood/CVE-2021-29447 | 2023-03-28 |
https://github.com/elf1337/blind-xxe-controller-CVE-2021-29447 | 2022-11-11 |
https://github.com/viardant/CVE-2021-29447 | 2023-01-17 |
https://github.com/G01d3nW01f/CVE-2021-29447 | 2022-12-25 |
https://github.com/AssassinUKG/CVE-2021-29447 | 2021-08-27 |
https://github.com/andyhsu024/CVE-2021-29447 | 2023-04-30 |
https://github.com/b-abderrahmane/CVE-2021-29447-POC | 2022-11-10 |
https://github.com/Val-Resh/CVE-2021-29447-POC | 2022-11-06 |
http://packetstormsecurity.com/files/164198/WordPress-5.7-Media-Library-XML-Injection.html | 2024-08-03 |
https://blog.sonarsource.com/wordpress-xxe-security-vulnerability | 2024-08-03 |

URL | Date | SRC
---|---|---
https://wordpress.org/news/category/security | 2022-10-27 |
https://www.debian.org/security/2021/dsa-4896 | 2022-10-27 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Wordpress | Wordpress | >= 5.6.0 < 5.7.1 | - | Affected
Debian | Debian Linux | 9.0 | - | Affected
Debian | Debian Linux | 10.0 | - | Affected