Vulnerability identifier: #VU52549

Vulnerability risk: Medium

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-29447

CWE-ID: CWE-611

Exploitation vector: Network

Exploits in database: 6

• April 30, 2023
  • blind-xxe-controller-CVE-2021-29447 (Arbitrary file read controller based on CVE-2021-29447) [Github]
• November 13, 2022
  • wordpress-cve-2021-29447 (Exploit WordPress Media Library XML External Entity Injection (XXE) to exfiltrate files.) [Github]
• November 25, 2021
  • WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated) [Exploit-DB]
• August 29, 2021
  • CVE-2021-29447 () [Github]
• June 1, 2021
  • CVE-2021-29447 (Wordpress XXE injection 구축 자동화 및 PoC ) [Github]
• May 24, 2021
  • wordpress_cve-2021-29447 (WordPress XXE vulnerability) [Github]

Impact: Information disclosure and data manipulation

Vulnerable software:
WordPress
Web applications / CMS

Vendor: WordPress.ORG