QSearchQSearch

CVE-2021-39203

6.8 MEDIUM

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database

Published: 2021-09-09 · Last updated: 2026-06-17

Severity and scoring

CVSS
6.8 MEDIUM
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE
CWE-200

Affected products

VendorProduct
wordpresswordpress

Description

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-39202 WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database (7.6 HIGH)
  • CVE-2021-39201 WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database (7.6 HIGH)
  • CVE-2021-39200 WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database (5.3 MEDIUM)

Same CWE

  • CVE-2026-12117 Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to ...
  • CVE-2026-12320 Information disclosure in the Password Manager component (4.3 MEDIUM)
  • CVE-2026-12311 Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
  • CVE-2026-50870 An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensi... (7.5 HIGH)
  • CVE-2026-39007 An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export ... (7.5 HIGH)