wordpress is vulnerable to object injection. An attacker with the admin privilege can bypass explicit or additional hardening under certain conditions through object injection
blog.sonarsource.com/wordpress-object-injection-vulnerability/
github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
lists.debian.org/debian-lts-announce/2022/01/msg00019.html
lists.fedoraproject.org/archives/list/[email protected]/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG/
lists.fedoraproject.org/archives/list/[email protected]/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3/
security-tracker.debian.org/tracker/CVE-2022-21663
wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
www.debian.org/security/2022/dsa-5039