CVE-2021-29450

Sažetak

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

Reference

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
https://wordpress.org/news/category/security/
https://lists.debian.org/debian-lts-announce/2021/04/msg00017.html
https://www.debian.org/security/2021/dsa-4896

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

23-04-2021 - 14:47

Objavljeno

15-04-2021 - 22:15