CVE-2022-21661

Published: 06/01/2022 Updated: 16/01/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

This vulnerability allows remote malicious users to disclose sensitive information on affected installations of WordPress Core. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WP_Query class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.


Vulnerable Products

wordpress wordpress
debian debian linux 10.0
debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #1003243 wordpress: WordPress 5.8.3 Security Release Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Craig Small <csmall@debian.org> Date: Thu, 6 Jan 2022 21:48:01 UTC Severity: grave T ...
Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injection, run unchecked SQL queries, bypass hardening, or perform Cross-Site Scripting (XSS) attacks. For the oldstable distribution (buster), these problems have been fixed in version 5.0.15+dfsg1-0+deb10u1. For the stable distr ...

Mailing Lists

WordPress Core version 5.8.2 suffers from a remote SQL injection vulnerability ...

Github Repositories

Collection of vulnerabilities from 2022. Command execution: TerraMaster TOS session forgery, arbitrary file read, remote command execution and other vulnerabilities; H2 database console unauthenticated RCE (CVE-2021-42392); Atlassian Jira Server and Data Center authenticated RCE (CVE-2021-43947). Code execution: GoAhead remote code execution vulnerability (CVE-2021-42342). SQL injection: WordPress SQL injection vulnerability (CVE-2022-21661).