CVE-2022-21662
Published: 2022-01-06

Priority: P2 (77) · Severity: medium · CVSS 3.1 base score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
ITW: listed in VulnCheck KEV (exploited in the wild)
EPSS: 63.42% (99.1st percentile)
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (such as authors) in WordPress core are able to execute JavaScript (a stored XSS attack), which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases that go back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.
Affected

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | wordpress | < 5.8.3+dfsg1-1 (bookworm) | 5.8.3+dfsg1-1 (bookworm) |
| wordpress | wordpress | < 5.8.3 | 5.8.3 |
| wordpress | wordpress | >= 0 < 5.7.5+dfsg1-0+deb11u1 | 5.7.5+dfsg1-0+deb11u1 |
| wordpress | wordpress | >= 0 < 5.8.3+dfsg1-1 | 5.8.3+dfsg1-1 |
| wordpress | wordpress-develop | < 5.8.3 | 5.8.3 |
Detection & IOCs (extracted from sources)
- Stored XSS attack vector: low-privileged authenticated users (e.g., author role) injecting JavaScript that executes in the context of high-privileged users (e.g., admins)
- Scope is local (authenticated access required); monitor for author-role or similarly low-privileged accounts submitting posts/content containing script payloads in WordPress installations running versions below 5.8.3
- Vulnerability affects WordPress versions prior to 5.8.3; fixes were backported to releases as far back as 3.7.37. Ensure auto-updates are enabled to receive security patches.
- No known workarounds exist for this vulnerability; patching is the only remediation.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | — | 5.4 | MEDIUM | — |
| vulncheck | — | 8.0 | HIGH | — |
| vendor_debian | — | 8.0 | HIGH | — |
Debian
CVE-2022-21662: wordpress
vendor_debian · 2022 · CVSS 8.0 [HIGH]
Scope: local
bookworm: resolved (fixed in 5.8.3+dfsg1-1)
bullseye: resolved (fixed in 5.7.5+dfsg1-0+deb11u1)
forky: resolved (fixed in 5.8.3+dfsg1-1)
sid: resolved (fixed in 5.8.3+dfsg1-1)
trixie: resolved (fixed in 5.8.3+dfsg1-1)
OSV
CVE-2022-21662
osv · 2022-01-06 · CVSS 5.4 [MEDIUM]
VulnCheck
WordPress wordpress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck · 2022 · CVSS 8.0 [HIGH]
Affected: WordPress wordpress
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are
No detection rules found.
No public exploits indexed.
Unit42
## Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More
blogs_unit42 · 2022-08-19 · CVSS 8.8 (indexed under CVE-2021-20166 [HIGH])
Yue Guan, Threat Research Center. Published: August 19, 2022.
Tags: Trend Reports · Vulnerabilities · Attack analysis · Exploit in the wild · Network security trends
CVEs covered: CVE-2021-20166, CVE-2021-20167, CVE-2021-21881, CVE-2021-24762, CVE-2021-28169, CVE-2021-31589, CVE-2021-39226, CVE-2021-4045, CVE-2021-43711, CVE-2022-21371, CVE-2022-21662, CVE-2022-22536, CVE-2022-22947, CVE-2022-22954, CVE-2022-22963, CVE-2022-22965, CVE-2022-24112, CVE-2022-24260, CVE-2022-25060, CVE-2022-25075, CVE-2022-25134, CVE-2022-27226, CVE-2022-29464

## Executive Summary
Recent observations of exploits used in the wild reveal that attackers have been making use of newly published remote code execution vulnerabilities in VMware ONE Access and Identity Manager and Spring Cloud Function, Spring MVC and Spring Web Flux, among others. Attackers have also been taking advantage of a cross-site scripting vulnerability in WordPress core, and SQL injection vulnerabilities in VoIPmonitor GUI and other services. In our observations of network security trends, Unit 42 researchers select exploits of the latest published attacks that defenders should know based on the availability of proofs of concept (PoCs), the severity of the vulnerabilities the exploits are based on and the ease of exploitation.
Other insights that could assist defenders includ
References
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
- https://lists.debian.org/debian-lts-announce/2022/01/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3/
- https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
- https://www.debian.org/security/2022/dsa-5039