CVE-2021-29447 — Vulnetix

CVE-2021-29447 PUBLISHED CVSS 8.600000381469727 HIGH

WordPress Authenticated XXE attack when installation is running PHP 8

EPSS 90.78% · 99.6th percentile

Risk Scores

CVSS 4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

90.78%

99.6th percentile

Affected Products

Vendor	Product	Versions
Bitnami	wordpress	5.6.0
Bitnami	wordpress-multisite	5.6.0
Bitnami	wordpress-multisite	5.6.0, 5.6.0, 5.6.0
Bitnami	wordpress	5.6.0, 5.6.0, 5.6.0

Exploit Intelligence

Proof of Concept for CVE-2021-29447 written in Python (github-poc-repo)
Proof of Concept for CVE-2021-29447 written in Python (github-poc-repo)
Proof of Concept for CVE-2021-29447 written in Python (github-poc-repo)
Proof of Concept for CVE-2021-29447 written in Python (github-poc-repo)
Proof of Concept for CVE-2021-29447 written in Python (github-poc-repo)
Proof of Concept for CVE-2021-29447 written in Python (github-poc-repo)
Arbitrary file read controller based on CVE-2021-29447 (github-poc-repo)
Arbitrary file read controller based on CVE-2021-29447 (github-poc-repo)
Arbitrary file read controller based on CVE-2021-29447 (github-poc-repo)
Arbitrary file read controller based on CVE-2021-29447 (github-poc-repo)

…and 247 more exploits

Timeline

Apr 15, 2021 CVE Published
Apr 16, 2021 EPSS Score
Apr 21, 2021 EPSS Score
Apr 27, 2021 EPSS Score
Sep 20, 2021 PoC Published
Sep 21, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Sep 14, 2022 EPSS Score
Nov 15, 2022 EPSS Score
Aug 3, 2024 CVE Updated
Sep 2, 2024 EPSS Score
Nov 14, 2024 PoC Published

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›