Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.4) - Vulnerability Database

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.4)

Description

WordPress is prone to multiple vulnerabilities, including XML External Entity injection and information disclosure vulnerabilities. Exploiting these issues could allow an attacker to obtain sensitive information which could be used to launch further attacks. WordPress versions 5.4.x ranging from 5.4 and up to (and including) 5.4.4 are vulnerable.

Remediation

Update to WordPress version 5.4.5 or latest

References

https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/
https://github.com/motikan2010/CVE-2021-29447
https://wordpress.org/support/wordpress-version/version-5-4-5/

Related Vulnerabilities

Apache 2.x version older than 2.0.43 Medium
Common tags: Missing Update
WordPress Plugin Sabre 'tools.php' Cross-Site Scripting (1.2.0) High
Common tags: Missing Update
WordPress Plugin WordPress Download Manager 'cid' Parameter Cross-Site Scripting (2.2.2) High
Common tags: Missing Update
WordPress Plugin Track That Stat 'data' Parameter Cross-Site Scripting (1.0.8) High
Common tags: Missing Update
WordPress Plugin Subscribe2 Multiple Cross-Site Scripting Vulnerabilities (8.1) High
Common tags: Missing Update

Severity

High

Classification

CVE-2021-29447
CVE-2021-29450
CWE-200
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update