Source: wordpress
Version: 5.7+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 5.0.11+dfsg1-0+deb10u1

Hi,

The following vulnerability was published for wordpress.

CVE-2021-29450[0]:
| Wordpress is an open source CMS. One of the blocks in the WordPress
| editor can be exploited in a way that exposes password-protected posts
| and pages. This requires at least contributor privileges. This has
| been patched in WordPress 5.7.1, along with the older affected
| versions via minor releases. It's strongly recommended that you keep
| auto-updates enabled to receive the fix.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-29450
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29450
[1] https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq

Regards,
Salvatore