Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2023-22622

Published: 05/01/2023 Updated: 07/11/2023
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 0
Subscribe to Wordpress

Vulnerability Summary

WordPress up to and including 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

Github Repositories

https://github.com/michael-david-fry/wp-cron-smash

Python Script that will DoS a WP server that is utilizing WP-CRON

WordPress Cron Enabled CVE-2023-22622 Risk Information VPR Risk Factor: Medium Score: 43 CVSS v2 Risk Factor: Medium Base Score: 46 Vector: CVSS2#AV:A/AC:H/Au:N/C:N/I:N/A:C CVSS v3 Risk Factor: Medium Base Score: 53 Vector: CVSS:30/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Reference Information CVE: CVE-2023-22622 CWE: 400 OWASP: 2013-A9, 2017-A9, 2021-A6 WASC: Denial of Service

References

NVD-CWE-Otherhttps://github.com/WordPress/WordPress/blob/dca7b5204b5fea54e6d1774689777b359a9222ab/wp-cron.php#L5-L8https://developer.wordpress.org/plugins/cron/https://www.tenable.com/plugins/was/113449https://wordpress.org/about/security/https://wordpress.org/support/article/how-to-install-wordpress/https://patchstack.com/articles/solving-unpredictable-wp-cron-problems-addressing-cve-2023-22622/https://medium.com/%40thecpanelguy/the-nightmare-that-is-wpcron-php-ae31c1d3ae30https://nvd.nist.govhttps://github.com/michael-david-fry/wp-cron-smash
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook