CVE-2021-39203

WordPress/wordpress-develop

on github

Published

September 9, 2021

Severity

CVSS v3:

6.5 MEDIUM

CVSS v2:

6 MEDIUM

Description

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release.

References

https://hackerone.com/reports/1225282
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-qxvw-qxm9-qvg6

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:wordpress:wordpress:5.8:beta1::::::	n/a	n/a	5.8

External Links

NVD - CVE-2021-39203