CVE-2022-21662

CVSS v3.1

8.0

High

Vector

AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37

Description Low-privileged authenticated users, such as authors, in the WordPress core are able to execute JavaScript and perform a stored XSS attack, which can affect high-privileged users.

Recommendations For WordPress versions prior to 5.8.3, update to version 5.8.3 or later. For WordPress versions prior to 3.7.37, update to version 3.7.37 or later. Keep auto-updates enabled to ensure the latest security patches are applied. As a temporary workaround, consider restricting access to sensitive areas of the WordPress core until a patch is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BIT-WORDPRESS-2022-21662

BIT-WORDPRESS-MULTISITE-2022-21662

CVE-2022-21662

DLA-2884-1

DSA-5039-1

GHSA-699Q-3HJ9-889W

Affected Products

Wordpress

CVE-2022-21662

Weakness Enumeration

Related Identifiers

Affected Products

References · 23