CVE-2022-21662
WordPress is a free and open-source content management system written in PHP with a MariaDB database.
WordPress is open-source software, and as such we cannot control the release dates of the different versions. However, we do keep a close eye on the patches and release dates of the different versions and patch as soon as possible. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. Any of WordPress 4.9.x, 4.7.x, 4.6.x, 4.5.x, 4.1.x, 3.9.x, and 3.7.x is potentially affected by this issue. If you are running one of these versions, you should upgrade as soon as possible.
WordPress 4.9.0
WordPress 4.9.0 was released on October 11th, 2018 and is affected by the following vulnerabilities:
- WordPress 4.9.x was recently released and this version of WordPress fixes 5 vulnerabilities that have been assigned CVE-2022-21662.
These vulnerabilities could allow attackers to take control of a site via cross-site scripting (XSS) attacks, unauthorized file uploads, or other means.
WordPress Versions 3.9.x, 3.7.x
WordPress versions 3.9.x and 3.7.x are affected by this vulnerability, which may allow an attacker to gain access to the WordPress administrator's dashboard or FTP location via the email address field in login forms on a site that uses either of these plugins.
What do you need to do if you are using WordPress 4.9.x, 4.7.x, 4.6.x, 4.5.x, 4.1.x, 3.9.x, 3.7.x?
If you are using one of the versions mentioned above, please upgrade your WordPress version as soon as possible to prevent potential security issues from happening in the future. If you want to know what steps need to be taken for a specific version that is not listed here, please contact support@wordpress.com and we will help you with that.
What is WordPress?
WordPress is a free and open-source blogging platform written in PHP and MySQL. WordPress is the most popular content management system that powers close to 26% of the top 10 million websites in the world. Millions of people use WordPress every day to publish their blogs, run their personal websites, or host their online portfolios. It’s easy to set up, customize, and manage your site too.
With its open-source nature, there are a lot of plugins available for you to use as well as themes. You can choose from thousands of premade designs or even make your own design with WordPress’ built-in editor.
Themes are coded using HTML and CSS so that they can be used on any web browser or device without having to worry about compatibility issues like with Flash or Java. They also have no limitations on the number of pages or posts you can add to a theme or how many images you can use with them. Just go grab one of the hundreds of premade themes available on the WordPress marketplace today!
Timeline
Published on: 01/06/2022 23:15:00 UTC
Last modified on: 04/12/2022 18:48:00 UTC
References
- https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
- https://www.debian.org/security/2022/dsa-5039
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG/
- https://lists.debian.org/debian-lts-announce/2022/01/msg00019.html
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21662