Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-21661

Опубликовано: 06 янв. 2022
Источник: debian
EPSS Критический

Описание

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
wordpressfixed5.8.3+dfsg1-1package

Примечания

  • https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/

  • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84

  • https://github.com/WordPress/wordpress-develop/commit/17efac8c8ec64555eff5cf51a3eff81e06317214

  • https://hackerone.com/reports/1378209

  • https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection

EPSS

Процентиль: 100%
0.90593
Критический

Связанные уязвимости

ubuntu логотип

CVE-2022-21661

CVSS3: 8
ubuntu
больше 3 лет назад

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.

nvd логотип

CVE-2022-21661

CVSS3: 8
nvd
больше 3 лет назад

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.

fstec логотип

BDU:2023-07191

CVSS3: 7.5
fstec
больше 3 лет назад

Уязвимость класса WP_Query системы управления содержимым сайта WordPress, позволяющая нарушителю раскрыть сохраненные учетные данные

EPSS

Процентиль: 100%
0.90593
Критический