CVE-2022-21661

SQL injection in WordPress

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.

WordPress es un sistema de administración de contenidos gratuito y de código abierto escrito en PHP y emparejado con una base de datos MariaDB. Debido a un saneo inapropiado en WP_Query, puede haber casos en los que la inyección SQL es posible mediante plugins o temas que lo usan de una manera determinada. Esto ha sido parcheado en WordPress versión 5.8.3. Las versiones más antiguas afectadas también han sido corregidas por medio de un security release, que remonta hasta la versión 3.7.37. Le recomendamos encarecidamente que mantenga habilitadas las actualizaciones automáticas. No se presentan medidas de mitigación conocidas para esta vulnerabilidad.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of WordPress Core. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the WP_Query class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.

WordPress Core version 5.8.2 suffers from a remote SQL injection vulnerability.

*Credits: ngocnb and khuyenn from GiaoHangTietKiem JSC

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2021-01-06 CVE Published
2021-11-16 CVE Reserved
2022-02-17 First Exploit
2024-09-09 CVE Updated
2024-11-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CAPEC

References (21)

URL	Tag	Source
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00019.html	Mailing List
https://www.zerodayinitiative.com/advisories/ZDI-22-020	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/50663	2024-09-09
https://github.com/z92g/CVE-2022-21661	2022-07-30
https://github.com/0x4E0x650x6F/Wordpress-cve-CVE-2022-21661	2022-05-28
https://github.com/safe3s/CVE-2022-21661	2022-11-06
https://github.com/purple-WL/wordpress-CVE-2022-21661	2022-02-17
https://github.com/guestzz/CVE-2022-21661	2022-08-02
https://github.com/TAPESH-TEAM/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection	2023-06-04
https://github.com/WellingtonEspindula/SSI-CVE-2022-21661	2023-11-30
https://github.com/sealldeveloper/CVE-2022-21661-PoC	2023-04-27
https://github.com/daniel616/CVE-2022-21661-Demo	2023-05-10
https://github.com/p4ncontomat3/CVE-2022-21661	2024-01-04
https://github.com/CharonDefalt/WordPress--CVE-2022-21661	2022-11-23
http://packetstormsecurity.com/files/165540/WordPress-Core-5.8.2-SQL-Injection.html	2024-09-09

URL	Date	SRC
https://github.com/WordPress/wordpress-develop/commit/17efac8c8ec64555eff5cf51a3eff81e06317214	2023-11-07

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3	2023-11-07
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release	2023-11-07
https://www.debian.org/security/2022/dsa-5039	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				< 5.8.3 Search vendor "Wordpress" for product "Wordpress" and version " < 5.8.3"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				34 Search vendor "Fedoraproject" for product "Fedora" and version "34"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				35 Search vendor "Fedoraproject" for product "Fedora" and version "35"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0"		-		Affected