PT-2022-15018 · WordPress · Wordpress

Khuyenn +1 · Published 2022-01-06 · Updated 2025-08-04 · CVE-2022-21664

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

WordPress versions prior to 5.8.3
WordPress versions prior to 4.1.34

Description

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed.

Recommendations

For WordPress versions prior to 5.8.3, update to version 5.8.3 or later.
For WordPress versions prior to 4.1.34, update to version 4.1.34 or later.
Keep auto-updates enabled to ensure the latest security patches are applied.
At the moment, there is no information about additional mitigation measures for this issue.

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

BIT-WORDPRESS-2022-21664
BIT-WORDPRESS-MULTISITE-2022-21664
CVE-2022-21664
DLA-2884-1
DSA-5039-1
GHSA-JP3P-GW8H-6X86

Affected Products

Wordpress