Unrated severityNVD Advisory· Published Apr 15, 2021· Updated Aug 3, 2024
WordPress Authenticated disclosure of password-protected posts and pages
CVE-2021-29450
Description
Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versions
>= 4.7.0, < 5.7.1+ 1 more
- (no CPE)range: >= 4.7.0, < 5.7.1
- (no CPE)range: >= 4.7.0, < 5.7.1
- Range: >= 4.70,< 5.7.1
Patches
Vulnerability mechanics
References
4- www.debian.org/security/2021/dsa-4896mitrevendor-advisoryx_refsource_DEBIAN
- github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhqmitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2021/04/msg00017.htmlmitremailing-listx_refsource_MLIST
- wordpress.org/news/category/security/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.