VulnerableCode Package Details - pkg:deb/debian/wordpress@5.8.1%2Bdfsg1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-47he-853j-8qdn	WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.	CVE-2021-39200
VCID-azyj-28v6-ufhg	security update	CVE-2021-39201
VCID-yqam-kpce-dfg7	WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.	CVE-2021-44223

Vulnerability

Summary

Aliases

VCID-47he-853j-8qdn

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

CVE-2021-39200

VCID-azyj-28v6-ufhg

security update

CVE-2021-39201

VCID-yqam-kpce-dfg7

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.

CVE-2021-44223

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:47:50.353713+00:00	Debian Importer	Fixing	VCID-47he-853j-8qdn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:03:59.117678+00:00	Debian Importer	Fixing	VCID-azyj-28v6-ufhg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:46:42.840778+00:00	Debian Importer	Fixing	VCID-47he-853j-8qdn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:14:40.733173+00:00	Debian Importer	Fixing	VCID-azyj-28v6-ufhg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:58:00.412031+00:00	Debian Importer	Fixing	VCID-yqam-kpce-dfg7	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:58:00.268032+00:00	Debian Importer	Fixing	VCID-azyj-28v6-ufhg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:58:00.208542+00:00	Debian Importer	Fixing	VCID-47he-853j-8qdn	https://security-tracker.debian.org/tracker/data/json	38.1.0