Lucene search

CVE-2021-29450

🗓️ 15 Apr 2021 22:12:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 444 Views🌐 WEB

Wordpress editor block vulnerability exposing password-protected content

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 26
OSV	BIT-WORDPRESS-2021-29450	6 Mar 202411:10	–	osv
OSV	BIT-WORDPRESS-MULTISITE-2021-29450	6 Mar 202411:10	–	osv
OSV	CVE-2021-29450	15 Apr 202122:15	–	osv
OSV	UBUNTU-CVE-2021-29450	15 Apr 202122:15	–	osv
OSV	DSA-4896-1 wordpress - security update	22 Apr 202100:00	–	osv
OSV	DLA-2630-1 wordpress - security update	21 Apr 202100:00	–	osv
UbuntuCve	CVE-2021-29450	15 Apr 202100:00	–	ubuntucve
Veracode	Privilege Escalation	18 Apr 202107:58	–	veracode
Prion	Design/Logic Flaw	15 Apr 202122:15	–	prion
WPVulnDB	WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure	15 Apr 202100:00	–	wpvulndb

Nvd

Vulners

Node

wordpress wordpressRange4.7–5.7.1

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

[
  {
    "product": "wordpress-develop",
    "vendor": "WordPress",
    "versions": [
      {
        "status": "affected",
        "version": ">= 4.70,< 5.7.1"
      }
    ]
  }
]

Source	Link
wordpress	www.wordpress.org/news/category/security/
debian	www.debian.org/security/2021/dsa-4896
lists	www.lists.debian.org/debian-lts-announce/2021/04/msg00017.html
github	www.github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq

Parameter	Position	Path	Description	CWE
order	query param	/wp-json/wp/v2/posts	Exposes password-protected post content via REST API when accessed with 'edit' context by users with contributor role.	CWE-200
orderby	query param	/wp-json/wp/v2/posts	Exposes password-protected post content via REST API when accessed with 'edit' context by users with contributor role.	CWE-200
per_page	query param	/wp-json/wp/v2/posts	Exposes password-protected post content via REST API when accessed with 'edit' context by users with contributor role.	CWE-200
context	query param	/wp-json/wp/v2/posts	Exposes password-protected post content via REST API when accessed with 'edit' context by users with contributor role.	CWE-200
_locale	query param	/wp-json/wp/v2/posts	Exposes password-protected post content via REST API when accessed with 'edit' context by users with contributor role.	CWE-200

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Apr 2021 22:15Current

5.2Medium risk

Vulners AI Score5.2

CVSS24

CVSS34.3 - 6.5

EPSS0.01857

CWE-200