CVE-2021-39203
6.5
MEDIUM
CVSS 3.1
EPSS 1.2%
Description
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release.
How to fix CVE-2021-39203
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- —no fix listed
Is CVE-2021-39203 being exploited?
Low — EPSS is 1.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 5.8-beta1.0, <= 5.8-beta1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |