5.3

CVE-2021-39200

Information Disclosure in wp_die() via JSONP in wordpress

WordPress Core 5.4 - 5.8 - Sensitive Information Disclosure

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 5.4.7, 5.5.6, 5.6.5, 5.7.3, 5.8.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version >= 5.2 < 5.8.1
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version [5.4, 5.4.7)
Version [5.5, 5.5.6)
Version [5.6, 5.6.5)
Version [5.7, 5.7.3)
Version [5.8, 5.8.1)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.21% 0.804
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
security-advisories@github.com 5.3 1.6 3.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5
Third Party Advisory
https://hackerone.com/reports/1142140
Permissions Required
https://www.debian.org/security/2021/dsa-4985
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/7b851fd6-1477-4370-abf9-42ae2b6f8899
Third Party Advisory