Vulnerability from bitnami_vulndb
Published
2024-03-06 11:10
Modified
2025-05-20 10:02
Summary
Information Disclosure in wp_die() via JSONP in wordpress
Details

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "wordpress",
        "purl": "pkg:bitnami/wordpress"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.2.0"
            },
            {
              "fixed": "5.8.1"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-39200"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
  },
  "details": "WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It\u0027s strongly recommended that you keep auto-updates enabled to receive the fix.",
  "id": "BIT-wordpress-2021-39200",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-03-06T11:10:40.070Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1142140"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4985"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39200"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Information Disclosure in wp_die() via JSONP in wordpress"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.