← Back to CVEs
CVE-2022-21663
MEDIUM6.6
Description
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.
CVE Details
CVSS v3.1 Score6.6
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredHIGH
User InteractionNONE
Published1/6/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
debian:debian_linuxfedoraproject:fedorawordpress:wordpress
Weaknesses (CWE)
CWE-74CWE-502
References
https://blog.sonarsource.com/wordpress-object-injection-vulnerability/(security-advisories@github.com)
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h(security-advisories@github.com)
https://lists.debian.org/debian-lts-announce/2022/01/msg00019.html(security-advisories@github.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG/(security-advisories@github.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3/(security-advisories@github.com)
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/(security-advisories@github.com)
https://www.debian.org/security/2022/dsa-5039(security-advisories@github.com)
https://blog.sonarsource.com/wordpress-object-injection-vulnerability/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/01/msg00019.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3/(af854a3a-2127-422b-91ae-364da2661108)
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5039(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.