CVE-2021-39200

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

14 Dec 2021, 21:38

Type Values Removed Values Added
References (DEBIAN) https://www.debian.org/security/2021/dsa-4985 - (DEBIAN) https://www.debian.org/security/2021/dsa-4985 - Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

14 Oct 2021, 23:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2021/dsa-4985 -

24 Sep 2021, 13:43

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.3
v2 : 4.3
v3 : 5.3
References (CONFIRM) https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5 - (CONFIRM) https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5 - Third Party Advisory
References (MISC) https://hackerone.com/reports/1142140 - (MISC) https://hackerone.com/reports/1142140 - Permissions Required
CPE cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

09 Sep 2021, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-09 22:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-39200

Mitre link : CVE-2021-39200

CVE.ORG link : CVE-2021-39200


JSON object : View

Products Affected

debian

  • debian_linux

wordpress

  • wordpress
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor