CVEFinder.io

CVE-2022-21661

⚠️ high
Summary

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vul

Description

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.

CVSS Score
8.0
High
EPSS Score
90.9
Exploit Probability
Published Date
2022-01-06
First Seen: 2026-01-05
Last Modified 2025-08-19
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-89

🔗 References 21

http://packetstormsecurity.com/files/165540/WordPres...
Exploit Third Party Advisory VDB Entry
https://github.com/WordPress/wordpress-develop/commi...
Patch Third Party Advisory
https://github.com/WordPress/wordpress-develop/secur...
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01...
Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/packag...
Third Party Advisory
https://lists.fedoraproject.org/archives/list/packag...
Third Party Advisory
https://wordpress.org/news/2022/01/wordpress-5-8-3-s...
Release Notes Vendor Advisory
https://www.debian.org/security/2022/dsa-5039
Third Party Advisory
https://www.exploit-db.com/exploits/50663
Exploit Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-...
Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165540/WordPres...
Exploit Third Party Advisory VDB Entry
https://github.com/WordPress/wordpress-develop/commi...
Patch Third Party Advisory
https://github.com/WordPress/wordpress-develop/secur...
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01...
Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/packag...
Third Party Advisory
https://lists.fedoraproject.org/archives/list/packag...
Third Party Advisory
https://wordpress.org/news/2022/01/wordpress-5-8-3-s...
Release Notes Vendor Advisory
https://www.debian.org/security/2022/dsa-5039
Third Party Advisory
https://www.exploit-db.com/exploits/50663
Exploit Third Party Advisory VDB Entry
https://www.vicarius.io/vsociety/posts/understanding...
Exploit Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-...
Third Party Advisory VDB Entry

📦 Affected Products 27

Vendor Product Status Affected Versions
debian debian_linux Affected
v10.0
debian debian_linux Affected
v11.0
debian debian_linux Affected
v9.0
wordpress wordpress Affected
≥ 3.7 < 3.7.37
wordpress wordpress Affected
≥ 3.8 < 3.8.37
wordpress wordpress Affected
≥ 3.9 < 3.9.35
wordpress wordpress Affected
≥ 4.0 < 4.0.34
wordpress wordpress Affected
≥ 4.1 < 4.1.34
wordpress wordpress Affected
≥ 4.2 < 4.2.31
wordpress wordpress Affected
≥ 4.3 < 4.3.27
wordpress wordpress Affected
≥ 4.4 < 4.4.26
wordpress wordpress Affected
≥ 4.5 < 4.5.25
wordpress wordpress Affected
≥ 4.6 < 4.6.22
wordpress wordpress Affected
≥ 4.7 < 4.7.22
wordpress wordpress Affected
≥ 4.8 < 4.8.18
wordpress wordpress Affected
≥ 4.9 < 4.9.19
wordpress wordpress Affected
≥ 5.0 < 5.0.15
wordpress wordpress Affected
≥ 5.1 < 5.1.12
wordpress wordpress Affected
≥ 5.2 < 5.2.14
wordpress wordpress Affected
≥ 5.3 < 5.3.11
wordpress wordpress Affected
≥ 5.4 < 5.4.9
wordpress wordpress Affected
≥ 5.5 < 5.5.8
wordpress wordpress Affected
≥ 5.6 < 5.6.7
wordpress wordpress Affected
≥ 5.7 < 5.7.5
wordpress wordpress Affected
≥ 5.8 < 5.8.3
fedoraproject fedora Affected
v34
fedoraproject fedora Affected
v35

💣 Public Exploits 1 PRO

Loading exploit information...

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-68670 ⛔ critical 9.1 0.3 xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerabi... 2026-01-27
CVE-2026-24061 ⛔ critical 9.8 29.6 telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment ... 2026-01-21
CVE-2025-6966 🔶 medium 5.5 0.0 NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause ... 2025-12-05
CVE-2025-63498 🔶 medium 6.1 0.1 alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter. 2025-11-24
CVE-2025-64512 ⚠️ high 8.6 0.1 Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documen... 2025-11-10
CVE-2025-10921 ⚠️ high 7.8 0.1 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote a... 2025-10-29
These CVEs affect the same products