
CVE-2021-39201

Published: 09/09/2021 Updated: 14/12/2021
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.

### Impact

The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post `unfiltered_html`.

### Patches

This has been patched in WordPress 5.8, and will be pushed to older versions via minor releases (automatic updates). It's strongly recommended that you keep auto-updates enabled to receive the fix.

### References

wordpress.org/news/category/releases/
hackerone.com/reports/1142140

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [HackerOne](hackerone.com/wordpress)

Vulnerability Trend

Vulnerable Products

* wordpress / wordpress
* debian / debian linux 10.0
* debian / debian linux 11.0

Vendor Advisories

Debian Bug report logs - #994060 wordpress: CVE-2021-39200. Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 10 Sep 2021 19:27:04 UTC; Severity: important; Tags: security, upstream; Found in version wordpress/5.7.1+d ...
Debian Bug report logs - #994059 wordpress: CVE-2021-39201. Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 10 Sep 2021 19:27:01 UTC; Severity: important; Tags: security, upstream; Found in versions wordpress/5.0.12 ...
Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform Cross-Site Scripting (XSS) attacks or impersonate other users. For the oldstable distribution (buster), these problems have been fixed in version 5.0.14+dfsg1-0+deb10u1. For the stable distribution (bullseye), these problems have been ...