CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS
Percentile: 99.0%

WordPress is a free and open-source content management system written in
PHP and paired with a MariaDB database. Due to improper sanitization in
WP_Query, there can be cases where SQL injection is possible through
plugins or themes that use it in a certain way. This has been patched in
WordPress version 5.8.3. Older affected versions are also fixed via
security releases that go back to 3.7.37. We strongly recommend that you
keep auto-updates enabled. There are no known workarounds for this
vulnerability.
github.com/WordPress/wordpress-develop/commit/17efac8c8ec64555eff5cf51a3eff81e06317214
github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
hackerone.com/reports/1378209
launchpad.net/bugs/cve/CVE-2022-21661
nvd.nist.gov/vuln/detail/CVE-2022-21661
security-tracker.debian.org/tracker/CVE-2022-21661
wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
www.cve.org/CVERecord?id=CVE-2022-21661
www.debian.org/security/2022/dsa-5039
www.zerodayinitiative.com/advisories/ZDI-22-020/