Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Private data disclosure/privilege escalation through the block editor in Wordpress
Vulnerability Description
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
信息暴露
Vulnerability Title
WordPress 信息泄露漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 5.8 beta 版存在信息泄露漏洞,攻击者可利用该漏洞绕过编辑器中的限制,查看私有数据。这个问题在5.8正式版本中得到了修复。
CVSS Information
N/A
Vulnerability Type
N/A