CVE-2022-21663 – Authenticated Object Injection in Multisites in WordPress
https://notcve.org/view.php?id=CVE-2022-21663
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. • https://blog.sonarsource.com/wordpress-object-injection-vulnerability https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h https://lists.debian.org/debian-lts-announce/2022/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3 https://wordpress.org/news/2022/01/wordpress-5-8-3-security- • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-502: Deserialization of Untrusted Data •
CVE-2022-21662 – Stored XSS in WordPress
https://notcve.org/view.php?id=CVE-2022-21662
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w https://lists.debian.org/debian-lts-announce/2022/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3 https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release https://www.debian.org/security/2022/dsa-5039 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-21664 – SQL injection in WordPress
https://notcve.org/view.php?id=CVE-2022-21664
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. • https://github.com/WordPress/wordpress-develop/commit/c09ccfbc547d75b392dbccc1ef0b4442ccd3c957 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86 https://lists.debian.org/debian-lts-announce/2022/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3 https://wordpress.org/news/2022/01/wordpress-5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-44223 – WordPress Core < 5.8 - Dependency Confusion
https://notcve.org/view.php?id=CVE-2021-44223
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory. WordPress versiones anteriores a 5.8, carece de soporte para el encabezado del plugin Update URI. Esto facilita a atacantes remotos una ejecución de código arbitrario por medio de un ataque a la cadena de suministro contra instalaciones de WordPress que usen cualquier plugin cuyo slug satisfaga las restricciones de nomenclatura del directorio de plugins de WordPress.org pero que aún no esté presente en dicho directorio • https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8 https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2021-42362 – WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2021-42362
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2. El plugin Popular Posts de WordPress es vulnerable a una carga de archivos arbitrarios debido a la insuficiente comprobación del tipo de archivo de entrada encontrada en el archivo ~/src/Image.php que hace posible que atacantes con acceso de nivel de colaborador y superior carguen archivos maliciosos que pueden ser usados para obtener una ejecución de código remota, en versiones hasta la 5.3.2 incluyéndola • https://www.exploit-db.com/exploits/50129 https://github.com/simonecris/CVE-2021-42362-PoC http://packetstormsecurity.com/files/165376/WordPress-Popular-Posts-5.3.2-Remote-Code-Execution.html https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin https://github.com/cabrerahector/wordpress-popular-posts/commit/d9b274cf6812eb446e4103cb18f69897ec6fe601 https://plugins.trac.wordpress.org/changeset/2542638/wordpress-popular-posts/trunk/src/Image.php https://wpscan.com/vulnerability/bd4f157c& • CWE-434: Unrestricted Upload of File with Dangerous Type •