WordPress fixes multiple security vulnerabilities

Threat Level – Amber | Vulnerability Report
Download PDF

For a detailed advisory, download the pdf file here.

WordPress development team has released the security update to patch the following four vulnerabilities out of which three of them have high severity.

CVE-2022-21661: A vulnerability exists in WP_Query class which is caused due to improper validation of a user-supplied string that is used to construct SQL queries. CVE-2022-21662: A stored cross-site scripting vulnerability that allows an attacker with low privileges (such as authors) to execute JavaScript which might end up affecting users with high privileges. CVE-2022-21663: A security  vulnerability allows an attacker with Super Admin role to bypass explicit/additional hardening under certain conditions through object injection. CVE-2022-21664: An SQL injection vulnerability caused due to lack of  proper sanitization in one of the classes.

All these vulnerabilities have been fixed in version 5.8.3. Organizations can refer the patch links below to patch these vulnerabilities.

Vulnerabiliy Details

Patch Links










What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox