WordPress Authenticated XXE attack when installation is running PHP 8
CVE-2021-29447

7.1HIGH

Key Information:

Vendor
Wordpress
Status
WordPress-develop
Vendor
CVE Published:
15 April 2021

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 33%

Summary

Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.

Affected Version(s)

wordpress-develop >= 5.6.0, < 5.7.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-29447
Created by motikan2010

exploit_cve-2021-29447
Created by mega8bit

CVE-2021-29447-PoC
Created by 0xRar

References

https://github.com/WordPress/wordpress-develop/security/a...
x_refsource_CONFIRM
https://wordpress.org/news/category/security/
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021/04/msg0...
mailing-listx_refsource_MLIST

EPSS Score

33% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.