Skip to content

WordPress: Information Disclosure in wp_die() via JSONP, leading to CSRF

Moderate
ehti published GHSA-m9hc-7v5q-x8q5 Sep 9, 2021

Package

No package listed

Affected versions

5.2 - 5.8

Patched versions

5.8.1

Description

Impact

Output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf.

Patches

This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

References

https://wordpress.org/news/category/releases/
https://hackerone.com/reports/1142140

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2021-39200

Weaknesses

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Learn more on MITRE.

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Learn more on MITRE.