CVE-2022-21662
Stored XSS in WordPress
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.
WordPress es un sistema de administración de contenidos gratuito y de código abierto escrito en PHP y emparejado con una base de datos MariaDB. Los usuarios autenticados con pocos privilegios (como el autor) en el núcleo de WordPress son capaces de ejecutar JavaScript/realizar un ataque de tipo XSS almacenado, que puede afectar a usuarios con altos privilegios. Esto ha sido parcheado en WordPress versión 5.8.3. Las versiones más antiguas afectadas también han sido corregidas por medio de un comunicado de seguridad, que remonta hasta la versión 3.7.37. Le recomendamos encarecidamente que mantenga habilitadas las actualizaciones automáticas. No se presentan medidas de mitigación conocidas para este problema
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-11-16 CVE Reserved
- 2022-01-06 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2022/01/msg00019.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | < 5.8.3 Search vendor "Wordpress" for product "Wordpress" and version " < 5.8.3" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
|