Linux Distros Unpatched Vulnerability : CVE-2022-21662

🗓️ 30 Aug 2025 00:00:00Reported by TenableType

WordPress stored XSS via low-privileged users; patch up to version 5.8.3.

Reporter	Title	Published	Views	Family All 43
ATTACKERKB	CVE-2022-21662	6 Jan 202200:00	–	attackerkb
Circl	CVE-2022-21662	7 Jan 202202:16	–	circl
CNNVD	WordPress 跨站脚本漏洞	6 Jan 202200:00	–	cnnvd
CNVD	WordPress Cross-Site Scripting Vulnerability (CNVD-2022-03210)	8 Jan 202200:00	–	cnvd
Check Point Advisories	WordPress Core Cross-Site Scripting (CVE-2022-21662)	17 Nov 202200:00	–	checkpoint_advisories
CVE	CVE-2022-21662	6 Jan 202223:05	–	cve
Cvelist	CVE-2022-21662 Stored XSS in WordPress	6 Jan 202223:05	–	cvelist
Debian	[SECURITY] [DLA 2884-1] wordpress security update	23 Jan 202219:09	–	debian
Debian	[SECURITY] [DSA 5039-1] wordpress security update	11 Jan 202210:13	–	debian
Debian CVE	CVE-2022-21662	6 Jan 202223:05	–	debiancve

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2022-21662
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(258236);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/27");

  script_cve_id("CVE-2022-21662");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2022-21662");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - WordPress is a free and open-source content management system written in PHP and paired with a MariaDB
    database. Low-privileged authenticated users (like author) in WordPress core are able to execute
    JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in
    WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till
    3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this
    issue. (CVE-2022-21662)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2022-21662");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-21662");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:wordpress");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "wordpress"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "wordpress"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "wordpress"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

27 May 2026 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 23.5

CVSS 3.15.4 - 8

EPSS0.14241

SSVC