Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-29450)

Description

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

Remediation

References

Related Vulnerabilities

Oracle JRE CVE-2012-0505 Vulnerability (CVE-2012-0505)

WordPress Plugin RestroPress-Online Food Ordering System Cross-Site Request Forgery (2.8.2)

WordPress Plugin Contextual Related Posts Cross-Site Request Forgery (1.8.6)

Mailman Other Vulnerability (CVE-2005-3573)

WordPress Plugin WooCommerce PDF Vouchers-Ultimate Gift Cards Security Bypass (4.9.3)

Severity

Medium

Classification

CVE-2021-29450 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities