PT-2023-18593 · WordPress · WordPress
Published: 2023-01-05 · Updated: 2025-04-07 · CVE-2023-22622
CVSS v3.1: 5.3 (Medium)
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
WordPress versions through 6.1.1
Description
The issue arises because WordPress depends on unpredictable client visits to trigger wp-cron.php, and security updates are applied only as a result of that execution. The source code notes the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner. However, neither the installation guide nor the security guide mentions this default behavior or alerts the user to the security risks on installations with very few visits.
Recommendations
For WordPress versions through 6.1.1, consider implementing a workaround that ensures scheduled tasks execute on time, such as manually triggering wp-cron.php or using an alternative scheduling method. As a temporary workaround, consider setting up a cron job that periodically executes wp-cron.php, to minimize the risk of delayed security updates.
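One way to audit whether an install still relies on visits is sketched below; it is an added example, not code from WordPress or from this advisory. The function name `wp_cron_state`, its arguments and the sample paths are assumptions, and it also checks WordPress's `DISABLE_WP_CRON` constant (not mentioned above), because disabling the visit trigger without adding a cron entry means scheduled tasks never run at all.

```sh
#!/bin/sh
# Added example (not WordPress code): report how wp-cron.php gets triggered.
# Usage: wp_cron_state <wordpress-root> <crontab-text-file> [site-url]
#   visit-driven  default: scheduled tasks run only when a client visits
#   system-cron   an active crontab line invokes this site's wp-cron.php
#   never-runs    DISABLE_WP_CRON is true and no crontab line replaces it
#   no-config     wp-config.php not found under the given root
wp_cron_state() {
    wp_root=$1; cron_file=$2; site_url=${3:-}
    [ -f "$wp_root/wp-config.php" ] || { echo no-config; return 0; }

    # Drop commented-out crontab lines before looking for the trigger.
    active=$(grep -v '^[[:space:]]*#' "$cron_file" 2>/dev/null || true)
    scheduled=no
    for needle in "$wp_root/wp-cron.php" "${site_url:+$site_url/wp-cron.php}"; do
        [ -n "$needle" ] || continue
        if printf '%s\n' "$active" | grep -qF -- "$needle"; then scheduled=yes; fi
    done

    # An uncommented define('DISABLE_WP_CRON', true) turns off the visit trigger.
    pattern="^[[:space:]]*define[[:space:]]*\\([[:space:]]*[\"']DISABLE_WP_CRON[\"'][[:space:]]*,[[:space:]]*(true|1)"
    if grep -Eiq "$pattern" "$wp_root/wp-config.php"; then disabled=yes; else disabled=no; fi

    case "$disabled/$scheduled" in
        */yes)  echo system-cron ;;
        yes/no) echo never-runs ;;
        *)      echo visit-driven ;;
    esac
}

# Constructed demo: scratch install, first with defaults, then with a cron entry.
demo=$(mktemp -d)
printf '%s\n' "<?php" "define( 'DB_NAME', 'wp' );" > "$demo/wp-config.php"
: > "$demo/crontab.txt"
wp_cron_state "$demo" "$demo/crontab.txt"
printf '%s\n' "*/5 * * * * php $demo/wp-cron.php >/dev/null 2>&1" > "$demo/crontab.txt"
wp_cron_state "$demo" "$demo/crontab.txt"
rm -rf "$demo"
```

On a real host, save the output of `crontab -l` for the relevant user to a file and pass that file as the second argument.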
Fix
Related Identifiers
Affected Products
WordPress