Lucene search
WpvulndbWPVDB-ID:5B754676-20F5-4478-8FD3-6BC383145811HistorySep 09, 2021 - 12:00 a.m.
WordPress 5.4 to 5.8 - Authenticated XSS in Block Editor
2021-09-0900:00:00
wpscan.com
153
0.001 Low
EPSS
Percentile
43.7%
On September 9, 2021 WordPress version 5.8.1 was released fixing three vulnerabilities. The official blog post states: “Props to Michał Bentkowski of Securitum for reporting a XSS vulnerability in the block editor.” Further details: The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post unfiltered_html.
Related
osv
osv
wordpress - security update
2021-10-14 00:00:00
BIT-wordpress-multisite-2021-39201
2024-03-06 11:10:19
CVE-2021-39201
2021-09-09 22:15:09
nvd
nvd
CVE-2021-39201
2021-09-09 22:15:09
cve
cve
CVE-2021-39201
2021-09-09 22:15:09
debiancve
debiancve
CVE-2021-39201
2021-09-09 22:15:09
ubuntucve
ubuntucve
CVE-2021-39201
2021-09-09 00:00:00
cvelist
cvelist
CVE-2021-39201 Authenticated cross-site scripting (XSS) in WordPress editor
2021-09-09 21:35:08
patchstack
patchstack
prion
prion
Double free
2021-09-09 22:15:00
openvas
openvas
Debian: Security Advisory (DSA-4985-1)
2021-10-15 00:00:00
WordPress Multiple Vulnerabilities (Sep 2021) - Windows
2021-09-09 00:00:00
WordPress Multiple Vulnerabilities (Sep 2021) - Linux
2021-09-09 00:00:00
debian
debian
[SECURITY] [DSA 4985-1] wordpress security update
2021-10-14 14:46:18
[SECURITY] [DSA 4985-1] wordpress security update
2021-10-14 14:46:18
nessus
nessus
Debian DSA-4985-1 : wordpress - security update
2021-10-15 00:00:00