For a detailed advisory, download the pdf file here.
WordPress development team has released the security update to patch the following four vulnerabilities out of which three of them have high severity.
CVE-2022-21661: A vulnerability exists in WP_Query class which is caused due to improper validation of a user-supplied string that is used to construct SQL queries. CVE-2022-21662: A stored cross-site scripting vulnerability that allows an attacker with low privileges (such as authors) to execute JavaScript which might end up affecting users with high privileges. CVE-2022-21663: A security vulnerability allows an attacker with Super Admin role to bypass explicit/additional hardening under certain conditions through object injection. CVE-2022-21664: An SQL injection vulnerability caused due to lack of proper sanitization in one of the classes.
All these vulnerabilities have been fixed in version 5.8.3. Organizations can refer the patch links below to patch these vulnerabilities.
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
https://github.com/WordPress/wordpress-develop/commit/c09ccfbc547d75b392dbccc1ef0b4442ccd3c957
https://github.com/WordPress/wordpress-develop/commit/17efac8c8ec64555eff5cf51a3eff81e06317214
https://nvd.nist.gov/vuln/detail/CVE-2022-21661
https://nvd.nist.gov/vuln/detail/CVE-2022-21662
Get through updates and upcoming events, and more directly in your inbox
