WordPress 5.8.3 Security Update Fixes Four Flaws

Share post:

WordPress has released version 5.8.3 security update that fixes four vulnerabilities: CVE-2022-21661, CVE-2022-21662, CVE-2022-21663, and CVE-2022-21664.

CVE-2022-21661 is a SQL injection via WP _ Query. The vulnerability is a high severity flaw with an 8.0 severity rating. It is exploited via plugins and themes that use WP-Query.

CVE-2022-21662, an XSS high severity flaw has a severity of 8.0. The flaw allows authors with lower privilege users to add a malicious backdoor or take over a page by abusing post slugs.

CVE-2022-21663 has an average severity with a CVSS score of 6.6. This is an object injection problem that is exploited after a threat actor compromised the administrator account.

CVE-2022-21664 is a high severity flaw with a 7.4 CVSS score. It is an SQL injection error that is exploited via the WP_Meta_Query core class.

For CVE-2022-21611, CVE-2022-21612, CVE-2022-21613, fixes cover WordPress versions down to 3.7.37. For CVE-2022-21614, fixes cover WordPress versions down to 4.1.34.

For more information, read the original story in BleepingComputer.

Featured Tech Jobs


Related articles

All Okta customer support users had their email addresses copied

Identity and access provider Okta now says the threat actor who accessed its customer help desk system last month got the names and email addresses of all contacts of organizations that use its support system. Originally, the company said that, after an investigation, it determined only one per cent of the contacts from its 18,000

Failure of technology to detect attacks is a prime cause of breaches: Survey

Despite the money being poured into cybersecurity by IT departments, the leading cause of breaches of security controls was the failure of technology to detect an attack, a new survey from Trellix suggests. Forty-two per cent of respondents to the international survey of infosec leaders whose organization had suffered a recent cyber attack said their

Canadian group gets $2.2 million to research AI threat detection for wireless networks

Ericsson Canada and three universities have been awarded funds by the National Cybersecurity

Cyber Security Today, Nov. 29, 2023 – More ransomware attacks on the healthcare sector

This episode reports on a company hit twice by a ransomware gang, the arrest in Ukraine of the alleged head of a ransomware gang

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways