Lucene search
WpvulndbWPEX-ID:6A3EC618-C79E-4B9C-9020-86B157458AC5HistoryApr 15, 2021 - 12:00 a.m.
WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure
2021-04-1500:00:00
wpvulndb
1604
The Latest Posts block in the WordPress editor can be exploited in a way that exposes password-protected posts and pages via the posts REST API when the “edit” context was used. This requires at least contributor privileges.
1. As one user, create a new password protected post. Ensure that it is in a "published" state.
2. Login as another user with the contributor role.
3. Create a new "draft" post and add the "Latest Posts" block.
4. Visit "https://example.com/wp-json/wp/v2/posts?order=desc&orderby=date&per_page=5&context=edit&_locale=user" to expose the password protected post content.Related
veracode
veracode
Privilege Escalation
2021-04-18 07:58:19
osv
osv
CVE-2021-29450
2021-04-15 22:15:12
BIT-wordpress-2021-29450
2024-03-06 11:10:45
BIT-wordpress-multisite-2021-29450
2024-03-06 11:10:30
ubuntucve
ubuntucve
CVE-2021-29450
2021-04-15 00:00:00
wpvulndb
wpvulndb
WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure
2021-04-15 00:00:00
prion
prion
Design/Logic Flaw
2021-04-15 22:15:00
debiancve
debiancve
CVE-2021-29450
2021-04-15 22:15:00
cvelist
cvelist
cve
cve
CVE-2021-29450
2021-04-15 22:15:00
openvas
openvas
Debian: Security Advisory (DSA-4896-1)
2021-04-24 00:00:00
Debian: Security Advisory (DLA-2630-1)
2021-04-22 00:00:00
WordPress Multiple Vulnerabilities (Apr 2021) - Windows
2021-04-16 00:00:00
nessus
nessus
Debian DSA-4896-1 : wordpress - security update
2021-04-23 00:00:00
Debian DLA-2630-1 : wordpress security update
2021-04-22 00:00:00
debian
debian
[SECURITY] [DLA 2630-1] wordpress security update
2021-04-21 06:47:24
[SECURITY] [DSA 4896-1] wordpress security update
2021-04-22 05:56:18
[SECURITY] [DSA 4896-1] wordpress security update
2021-04-22 05:56:34
Related for WPEX-ID:6A3EC618-C79E-4B9C-9020-86B157458AC5