CVE-2021-29447

Published: Apr 15, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.

Affected (3)

Products: Wordpress: Wordpress · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wordpress Wordpress	From 5.6.0 to 5.7.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (14)

http://packetstormsecurity.com/files/163148/XML-External-Entity-Via-MP3-File-Upload-On-WordPress.html

Source: security-advisories@github.com

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/164198/WordPress-5.7-Media-Library-XML-Injection.html

Source: security-advisories@github.com

ExploitThird Party AdvisoryVDB Entry

https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh

Source: security-advisories@github.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/04/msg00017.html

Source: security-advisories@github.com

Mailing ListThird Party Advisory

https://wordpress.org/news/category/security/

Source: security-advisories@github.com

Release NotesVendor Advisory

https://www.debian.org/security/2021/dsa-4896

Source: security-advisories@github.com

Third Party Advisory

http://packetstormsecurity.com/files/163148/XML-External-Entity-Via-MP3-File-Upload-On-WordPress.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/164198/WordPress-5.7-Media-Library-XML-Injection.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/04/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://wordpress.org/news/category/security/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.debian.org/security/2021/dsa-4896

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.