CVE-2023-22622
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.
WordPress hasta 6.1.1 depende de visitas impredecibles de clientes para provocar la ejecución de wp-cron.php y las actualizaciones de seguridad resultantes, y el código fuente describe "el escenario en el que un sitio puede no recibir suficientes visitas para ejecutar las tareas programadas de manera oportuna" pero ni la guía de instalación ni la guía de seguridad mencionan este comportamiento predeterminado, ni alertan al usuario sobre riesgos de seguridad en instalaciones con muy pocas visitas.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-01-05 CVE Reserved
- 2023-01-05 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-08-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
https://github.com/WordPress/WordPress/blob/dca7b5204b5fea54e6d1774689777b359a9222ab/wp-cron.php#L5-L8 | Third Party Advisory | |
https://medium.com/%40thecpanelguy/the-nightmare-that-is-wpcron-php-ae31c1d3ae30 | ||
https://patchstack.com/articles/solving-unpredictable-wp-cron-problems-addressing-cve-2023-22622 | Third Party Advisory | |
https://www.tenable.com/plugins/was/113449 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/michael-david-fry/CVE-2023-22622 | 2024-08-02 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://developer.wordpress.org/plugins/cron | 2023-11-07 | |
https://wordpress.org/about/security | 2023-11-07 | |
https://wordpress.org/support/article/how-to-install-wordpress | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | <= 6.1.1 Search vendor "Wordpress" for product "Wordpress" and version " <= 6.1.1" | - |
Affected
|