Description

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

Remediation

References

CVE-2021-29450

Related Vulnerabilities

WebLogic CVE-2024-21183 Vulnerability (CVE-2024-21183)

WordPress Plugin WP-Stats-Dashboard Multiple Cross-Site Scripting Vulnerabilities (2.6.5.1)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5498)

Joomla CVE-2012-2747 Vulnerability (CVE-2012-2747)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-36470)

Severity

Medium

Classification

CVE-2021-29450 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities