Vulnerabilities > CVE-2021-39203 - Unspecified vulnerability in Wordpress 5.8

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

wordpress

NVD

Published: 2021-09-09

Updated: 2024-11-21

Summary

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release.

Vulnerable Configurations

Part	Description	Count
Application	Wordpress Wordpress Wordpress 5.8	1

References

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-qxvw-qxm9-qvg6
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-qxvw-qxm9-qvg6
https://hackerone.com/reports/1225282
https://hackerone.com/reports/1225282