Vulnerability Details : CVE-2021-29447

Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.

Vulnerability category: XML external entity (XXE) injection

Published 2021-04-15 21:15:18

Updated 2022-10-27 23:06:11

Source GitHub, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-29447

Probability of exploitation activity in the next 30 days: 0.77%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-29447

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N	2.8	4.2	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: Low Availability: None

CWE ids for CVE-2021-29447

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Assigned by:
- [email protected] (Secondary)
- [email protected] (Primary)

References for CVE-2021-29447

https://www.debian.org/security/2021/dsa-4896

Third Party Advisory

CVEs referencing this url
https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/

Exploit;Third Party Advisory
http://packetstormsecurity.com/files/164198/WordPress-5.7-Media-Library-XML-Injection.html

Exploit;Third Party Advisory;VDB Entry
https://wordpress.org/news/category/security/

Release Notes;Vendor Advisory

CVEs referencing this url
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh

Third Party Advisory
http://packetstormsecurity.com/files/163148/XML-External-Entity-Via-MP3-File-Upload-On-WordPress.html

Third Party Advisory;VDB Entry
https://lists.debian.org/debian-lts-announce/2021/04/msg00017.html

Mailing List;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2021-29447

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress
Versions from including (>=) 5.6.0 and before (<) 5.7.1
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Matching versions