PT-2022-7031 · WordPress · Wordpress

Khuyenn +1 · Published 2022-01-06 · Updated 2025-10-23 · CVE-2022-21661

CVSS v3.1: 8.0 High

Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WordPress versions prior to 5.8.3
WordPress versions 3.7.37 and earlier

Description

The issue is related to improper sanitization in the WP Query function of the WordPress content management system, which can lead to SQL injection through certain plugins or themes. This may allow a remote attacker to disclose stored credentials. The vulnerability has been patched in WordPress version 5.8.3, and older affected versions have also been fixed via security releases.

Recommendations

For WordPress versions prior to 5.8.3, update to version 5.8.3 or later to resolve the issue. For WordPress versions 3.7.37 and earlier, update to version 3.7.37 or later to resolve the issue. As a general mitigation measure, keep auto-updates enabled to ensure the latest security patches are applied.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2023-07191
BIT-WORDPRESS-2022-21661
BIT-WORDPRESS-MULTISITE-2022-21661
CVE-2022-21661
DLA-2884-1
DSA-5039-1
GHSA-6676-CQFM-GW84
ZDI-22-020

Affected Products

Wordpress