WordPress XXE Vulnerability in Media Library – CVE-2021-29447

WordPress versions 5.7, 5.6.2, 5.6.1, 5.6, 5.0.11 are affected by an XML eXternal Entity (XXE) vulnerability: an authenticated user with the ability to upload files in the Media Library can upload a malicious WAVE file that could lead to remote arbitrary file disclosure and server-side request forgery (SSRF). WordPress uses the ID3 library to parse information about an audio …
