Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/wordpress@5.7.1%2Bdfsg1-1?distro=trixie

Type deb

Namespace debian

Name wordpress

Version 5.7.1+dfsg1-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 5.7.3+dfsg1-0+deb11u1

Latest_non_vulnerable_version 6.9.4+dfsg1-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2brj-ncs1-y7du

vulnerability_id VCID-2brj-ncs1-y7du

summary Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-29447

reference_id

reference_type

scores

value	0.89975
scoring_system	epss
scoring_elements	0.99597
published_at	2026-06-04T12:55:00Z

value	0.89975
scoring_system	epss
scoring_elements	0.99598
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-29447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29450
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29450

reference_url

https://security.archlinux.org/AVG-1831

reference_id

AVG-1831

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1831

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50304.sh
reference_id	CVE-2021-29447
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50304.sh

fixed_packages

url	pkg:deb/debian/wordpress@5.7.1%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@5.7.1%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.1%252Bdfsg1-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eg3u-uaqx-m7f2

vulnerability	VCID-sjsv-4uy2-aqct

vulnerability	VCID-v95d-ak24-uqbz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sjsv-4uy2-aqct

vulnerability	VCID-v95d-ak24-uqbz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2021-29447

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2brj-ncs1-y7du

url VCID-xycz-421s-uqhw

vulnerability_id VCID-xycz-421s-uqhw

summary Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-29450

reference_id

reference_type

scores

value	0.0208
scoring_system	epss
scoring_elements	0.84295
published_at	2026-06-04T12:55:00Z

value	0.0208
scoring_system	epss
scoring_elements	0.84319
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-29450

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29450
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29450

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987065
reference_id	987065
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987065

reference_url

https://security.archlinux.org/AVG-1831

reference_id

AVG-1831

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1831

fixed_packages

url	pkg:deb/debian/wordpress@5.7.1%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@5.7.1%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.1%252Bdfsg1-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eg3u-uaqx-m7f2

vulnerability	VCID-sjsv-4uy2-aqct

vulnerability	VCID-v95d-ak24-uqbz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sjsv-4uy2-aqct

vulnerability	VCID-v95d-ak24-uqbz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

aliases CVE-2021-29450

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xycz-421s-uqhw

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.1%252Bdfsg1-1%3Fdistro=trixie

Package Instance