⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2022-21662Cross-site Scripting in Wordpress Wordpress-develop

CWE-79Cross-site Scripting6 documents5 sources
Severity
5.4MEDIUMNVD
VulnCheck8.0
EPSS
14.2%
top 5.59%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
4
Wordpress Wordpress-developWordpressDebian Wordpress+1 more
Timeline
PublishedJan 6
Latest updateAug 19

Description

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarou

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

debiandebian/wordpress< wordpress 5.8.3+dfsg1-1 (bookworm)
NVDwordpress/wordpress< 5.8.3
CVEListV5wordpress/wordpress-develop< 5.8.3
Debianwordpress/wordpress< 5.7.5+dfsg1-0+deb11u1+3

Also affects: Debian Linux 10.0, 11.0, 9.0

🔴Vulnerability Details

2
OSV
CVE-2022-21662: WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database2022-01-06
VulnCheck
WordPress wordpress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2022

📋Vendor Advisories

1
Debian
CVE-2022-21662: wordpress - WordPress is a free and open-source content management system written in PHP and...2022

🕵️Threat Intelligence

2
Unit42
Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More2022-08-19
Unit42
Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More2022-08-19