DEBIAN-CVE-2021-44223

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2021-44223

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-44223.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-44223

Upstream

CVE-2021-44223

Published

2021-11-25T15:15:09Z

Modified

2025-09-19T06:14:06Z

Summary

[none]

Details

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.

References

https://security-tracker.debian.org/tracker/CVE-2021-44223

Affected packages

Debian:12 / wordpress

Package

Name: wordpress
Purl: pkg:deb/debian/wordpress?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.8.1+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / wordpress

Package

Name: wordpress
Purl: pkg:deb/debian/wordpress?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.8.1+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / wordpress

Package

Name: wordpress
Purl: pkg:deb/debian/wordpress?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.8.1+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}