PT-2021-4476 · WordPress · Wordpress
Ehti · Published 2021-09-09 · Updated 2024-01-31
CVE-2021-39203
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
WordPress versions 5.8 beta
Description
The issue is related to authentication errors in the WordPress content management system. It allows a remote attacker to bypass existing restrictions. Authenticated users without permission to view private post types or data can bypass restrictions in the block editor under certain conditions.
Recommendations
For WordPress version 5.8 beta, update to the final 5.8 release to resolve the issue. As a temporary workaround, consider restricting access to the block editor for authenticated users without proper permissions until the update is applied.
Fix
Information Disclosure
Incorrect Authorization
Related Identifiers
Affected Products
Wordpress