WordPress version 5.7 suffers from a Media Library XML external entity injection vulnerability.
f4d5079185c7b7a82974659421942eaed8b4ed45e1818b1ece7631fe12e92485
This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files to a server and exploit an XML parsing issue in the Media Library, using an MP3 file upload that leads to an XXE attack.
6f2b6fbc58bcb6f703bd6d4a439b0bd64de13c645bc50f0f2f21b49152561b36
Debian Linux Security Advisory 4896-1 - Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform XML External Entity (XXE) attacks, and access private content.
e00b69e4ff46ca105c70362ee5ece24f6f93cc7b36e5b41b63549ad18bd8c25b