CVE-2021-29504

🗓️ 07 Jun 2021 20:50:17Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 96 Views

WP-CLI version 0.12.0 and later allows remote attackers to disable certificate verification, allowing full control over communication content

Reporter	Title	Published	Views	Family All 15
CNNVD	WordPress 插件信任管理问题漏洞	7 Jun 202100:00	–	cnnvd
CNVD	WordPress WP-CLI Trust Management Issue Vulnerability	9 Jun 202100:00	–	cnvd
Cvelist	CVE-2021-29504 Improper Certificate Validation in WP-CLI framework	7 Jun 202120:50	–	cvelist
EUVD	EUVD-2021-1189	7 Oct 202500:30	–	euvd
Friends Of PHP	Improper Certificate Validation in WP-CLI framework	14 May 202114:37	–	friendsofphp
Friends Of PHP	Improper Certificate Validation in WP-CLI framework	14 May 202114:37	–	friendsofphp
Github Security Blog	Improper Certificate Validation in WP-CLI framework	19 May 202123:03	–	github
NVD	CVE-2021-29504	7 Jun 202121:15	–	nvd
OSV	BIT-WP-CLI-2021-29504 Improper Certificate Validation in WP-CLI framework	6 Mar 202411:08	–	osv
OSV	GHSA-RWGM-F83R-V3QJ Improper Certificate Validation in WP-CLI framework	19 May 202123:03	–	osv

NVD

Vulners

Node

wp-cli wp-cliRange0.12.0–2.5.0

[
  {
    "product": "wp-cli",
    "vendor": "wp-cli",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.5.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/wp-cli/extension-command/pull/287
github	www.github.com/wp-cli/checksum-command/pull/86
github	www.github.com/wp-cli/package-command/pull/138
github	www.github.com/wp-cli/wp-cli/security/advisories/GHSA-rwgm-f83r-v3qj
github	www.github.com/wp-cli/wp-cli/pull/5523
github	www.github.com/wp-cli/core-command/pull/186
github	www.github.com/wp-cli/config-command/pull/128

17 Jun 2026 03:47Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.4 - 9.1

CVSS 27.5

EPSS0.01312

CWE-295