Vulnerabilities > CVE-2021-39202 - Unspecified vulnerability in Wordpress 5.8

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

wordpress

NVD

Published: 2021-09-09

Updated: 2024-11-21

Summary

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the custom HTML widget. This has been patched in WordPress 5.8. It was only present during the testing/beta phase of WordPress 5.8.

Vulnerable Configurations

Part	Description	Count
Application	Wordpress Wordpress Wordpress 5.8	2

References

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297
https://hackerone.com/reports/1222797
https://hackerone.com/reports/1222797