Unrated severityNVD Advisory· Published Sep 9, 2021· Updated Aug 4, 2024

Information Disclosure in wp_die() via JSONP in wordpress

CVE-2021-39200

Description

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

Affected products

osv-coords2 versions
pkg:bitnami/wordpress pkg:bitnami/wordpress-multisite
>= 5.2.0, < 5.8.1+ 1 more
- (no CPE)range: >= 5.2.0, < 5.8.1
- (no CPE)range: >= 5.2.0, < 5.8.1
WordPress/wordpress-developv5
Range: >= 5.2.0, < 5.8.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2021/dsa-4985mitrevendor-advisoryx_refsource_DEBIAN
github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5mitrex_refsource_CONFIRM
hackerone.com/reports/1142140mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000