Lucene search
Ngocnb and khuyenn from GiaoHangTietKiem JSCZDI-22-020HistoryJan 10, 2022 - 12:00 a.m.
WordPress Core WP_Query SQL Injection Information Disclosure Vulnerability
2022-01-1000:00:00
ngocnb and khuyenn from GiaoHangTietKiem JSC
www.zerodayinitiative.com
97
0.934 High
EPSS
Percentile
99.1%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of WordPress Core. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WP_Query class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
Related
cnvd
cnvd
WordPress WP_Query SQL Injection Vulnerability
2022-01-08 00:00:00
githubexploit
githubexploit
Exploit for SQL Injection in Wordpress
2022-05-28 10:46:48
Exploit for SQL Injection in Wordpress
2022-01-18 01:05:04
Exploit for SQL Injection in Wordpress
2023-02-08 04:58:57
zdt
zdt
WordPress Core 5.8.2 - (WP_Query) SQL Injection Vulnerability
2022-01-13 00:00:00
cvelist
cvelist
CVE-2022-21661 SQL injection in WordPress
2022-01-06 22:50:11
debiancve
debiancve
CVE-2022-21661
2022-01-06 23:15:07
cve
cve
CVE-2022-21661
2022-01-06 23:15:07
prion
prion
Double free
2022-01-06 23:15:00
ubuntucve
ubuntucve
CVE-2022-21661
2022-01-06 00:00:00
patchstack
patchstack
WordPress <= 5.8.2 - SQL Injection (SQLi) vulnerability
2022-01-06 00:00:00
wpvulndb
wpvulndb
WordPress < 5.8.3 - SQL Injection via WP_Query
2022-01-06 00:00:00
packetstorm
packetstorm
WordPress Core 5.8.2 SQL Injection
2022-01-13 00:00:00
osv
osv
BIT-wordpress-2022-21661
2024-03-06 11:10:19
BIT-wordpress-multisite-2022-21661
2024-03-06 11:10:04
CVE-2022-21661
2022-01-06 23:15:07
checkpoint_advisories
checkpoint_advisories
WordPress WP_Query SQL Injection (CVE-2022-21661)
2022-02-21 00:00:00
nvd
nvd
CVE-2022-21661
2022-01-06 23:15:07
veracode
veracode
SQL Injection
2022-01-07 07:40:47
exploitdb
exploitdb
WordPress Core 5.8.2 - 'WP_Query' SQL Injection
2022-01-13 00:00:00
nuclei
nuclei
WordPress <5.8.3 - SQL Injection
2023-03-24 14:34:38
fedora
fedora
[SECURITY] Fedora 35 Update: wordpress-5.8.3-1.fc35
2022-01-16 01:19:42
[SECURITY] Fedora 34 Update: wordpress-5.8.3-1.fc34
2022-01-16 00:58:17
openvas
openvas
Fedora: Security Advisory for wordpress (FEDORA-2022-8472dd59ff)
2022-01-16 00:00:00
Fedora: Security Advisory for wordpress (FEDORA-2022-e37e1e6c7a)
2022-01-16 00:00:00
Debian: Security Advisory (DSA-5039-1)
2022-01-11 00:00:00
debian
debian
[SECURITY] [DLA 2884-1] wordpress security update
2022-01-23 19:09:19
[SECURITY] [DSA 5039-1] wordpress security update
2022-01-11 10:13:25
wordfence
wordfence
WordPress 5.8.3 Security Release
2022-01-09 00:37:45
hivepro
hivepro
WordPress fixes multiple security vulnerabilities
2022-01-10 16:34:43
nessus
nessus
Debian DSA-5039-1 : wordpress - security update
2022-01-11 00:00:00
Debian DLA-2884-1 : wordpress - LTS security update
2022-01-23 00:00:00