johnpbloch/wordpress-core is vulnerable to sql injection. The vulnerability exists due to the lack of sanitization in the WP_Meta_Query
, allowing an attacker to inject and execute malicious SQL queries to the DB.
github.com/WordPress/wordpress-develop/commit/c09ccfbc547d75b392dbccc1ef0b4442ccd3c957
github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
lists.debian.org/debian-lts-announce/2022/01/msg00019.html
lists.fedoraproject.org/archives/list/[email protected]/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG/
lists.fedoraproject.org/archives/list/[email protected]/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3/
wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
www.debian.org/security/2022/dsa-5039