CVE-2021-29450

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

Published: Apr 16, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-29450
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
WordPress / wordpress	4.7	5.7.1
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
https://lists.debian.org/debian-lts-announce/2021/04/msg00017.html
https://wordpress.org/news/category/security/
https://www.debian.org/security/2021/dsa-4896

Vulnerability Database

289,697

CVE-2021-29450