Information Exposure Affecting wordpress package, versions <5.7.1+dfsg1-1
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIANUNSTABLE-WORDPRESS-1247797
- published 16 Apr 2021
- disclosed 15 Apr 2021
Introduced: 15 Apr 2021
CVE-2021-29450 Open this link in a new tabHow to fix?
Upgrade Debian:unstable wordpress to version 5.7.1+dfsg1-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream wordpress package and not the wordpress package as distributed by Debian.
See How to fix? for Debian:unstable relevant fixed versions and status.
Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.
References
- https://security-tracker.debian.org/tracker/CVE-2021-29450
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
- https://www.debian.org/security/2021/dsa-4896
- https://wordpress.org/news/category/security/
- https://lists.debian.org/debian-lts-announce/2021/04/msg00017.html