5.3

CVE-2021-39200

Information Disclosure in wp_die() via JSONP in WordPress

WordPress Core 5.4 - 5.8 - Sensitive Information Disclosure

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.
Possible mitigation
WordPress: Update to one of the following versions, or a newer patched version: 5.4.7, 5.5.6, 5.6.5, 5.7.3, 5.8.1
Data provided by the National Vulnerability Database (NVD)
WordPress / WordPress, version >= 5.2 < 5.8.1
Debian / Debian Linux, version 10.0
Debian / Debian Linux, version 11.0
Further vulnerability information
System: WordPress Core
Product: WordPress
Version [5.4, 5.4.7)
Version [5.5, 5.5.6)
Version [5.6, 5.6.5)
Version [5.7, 5.7.3)
Version [5.8, 5.8.1)
No warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 1.77% | 0.823
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:P/I:N/A:N
security-advisories@github.com | 5.3 | 1.6 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.