AVG-1831 log

Package wordpress
Status Fixed
Severity Medium
Type multiple issues
Affected 5.7-1
Fixed 5.7.1-1
Current 6.4.3-1 [extra]
Ticket None
Created Fri Apr 16 11:20:35 2021
Issue Severity Remote Type Description
CVE-2021-29450 Medium Yes Information disclosure
One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor...
CVE-2021-29447 Medium Yes Xml external entity injection
A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XML external entity injection...