CVE-2021-29450
WordPress Authenticated disclosure of password-protected posts and pages
Descriptions
WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.
Timeline
- 2021-03-30 CVE Reserved
- 2021-04-15 CVE Published
- 2024-05-02 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (4)
URL | Tag |
---|---|
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/04/msg00017.html | Mailing List |

URL | Date |
---|---|
https://wordpress.org/news/category/security | 2021-04-23 |
https://www.debian.org/security/2021/dsa-4896 | 2021-04-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Wordpress | Wordpress | >= 4.7 < 5.7.1 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |
Debian | Debian Linux | 10.0 | - | Affected |