CVE-2021-29447

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 5.7.1

Description The issue is related to an XML parsing problem in the Media Library of WordPress, which can lead to XXE attacks. This vulnerability can be exploited by a user with the ability to upload files, such as an Author, and requires the WordPress installation to be using PHP 8. A successful attack can provide access to internal files.

Recommendations For versions prior to 5.7.1, update to WordPress version 5.7.1 or later to resolve the issue. As a temporary workaround, consider restricting file upload permissions to minimize the risk of exploitation. Keep auto-updates enabled to ensure the latest security patches are applied.