CVE-2021-39203: Sensitive Information Exposure in Wordpress Wordpress-develop

Severity
NVD: 6.5 MEDIUM
CNA: 6.8
EPSS: 1.2% (top 20.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 9

Description

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions, authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 3 packages

Vulnerability Details (2)

OSV (2021-09-09): CVE-2021-39203: WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database
CVEList (2021-09-09): Private data disclosure/privilege escalation through the block editor in Wordpress

Vendor Advisories (1)

Debian (2021): CVE-2021-39203: wordpress - WordPress is a free and open-source content management system written in PHP and...