XXE in Wordpress Wordpress-develop
CVE-2021-29447
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to inter…
Vulnerability class: XXE (XML External Entity)
EPSS: 0.900 (99.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.
Affected products
- Wordpress Wordpress-develop — versions >= 5.6.0, < 5.7.1
Weakness classification (CWE)
Public proof-of-concept exploits
- motikan2010/CVE-2021-29447
- mega8bit/exploit_cve-2021-29447
- 0xRar/CVE-2021-29447-PoC
- M3l0nPan/wordpress-cve-2021-29447
- Vulnmachines/wordpress_cve-2021-29447
- thomas-osgood/CVE-2021-29447
- elf1337/blind-xxe-controller-CVE-2021-29447
- dnr6419/CVE-2021-29447
- Tea-On/CVE-2021-29447-Authenticated-XXE-WordPress-5.6-5.7
- Abdulazizalsewedy/CVE-2021-29447
References
- github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh (x_refsource_CONFIRM)
- wordpress.org/news/category/security/ (x_refsource_MISC)
- [debian-lts-announce] 20210421 [SECURITY] [DLA 2630-1] wordpress security update (mailing-list, x_refsource_MLIST)
- DSA-4896 (vendor-advisory, x_refsource_DEBIAN)
- packetstormsecurity.com/files/163148/XML-External-Entity-Via-MP3-File-Upload-On… (x_refsource_MISC)
- packetstormsecurity.com/files/164198/WordPress-5.7-Media-Library-XML-Injection… (x_refsource_MISC)
- blog.sonarsource.com/wordpress-xxe-security-vulnerability/ (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-29447?
- CVE-2021-29447 is a high-severity vulnerability in Wordpress Wordpress-develop, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 7.1/10. Published 2021-04-15.
- How severe is CVE-2021-29447?
- High severity. CVSS v3 base score is 7.1 out of 10.
- Is CVE-2021-29447 known to be exploited?
- 135 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.