WordPress has released version 5.8.3 security update that fixes four vulnerabilities: CVE-2022-21661, CVE-2022-21662, CVE-2022-21663, and CVE-2022-21664.
CVE-2022-21661 is a SQL injection via WP _ Query. The vulnerability is a high severity flaw with an 8.0 severity rating. It is exploited via plugins and themes that use WP-Query.
CVE-2022-21662, an XSS high severity flaw has a severity of 8.0. The flaw allows authors with lower privilege users to add a malicious backdoor or take over a page by abusing post slugs.
CVE-2022-21663 has an average severity with a CVSS score of 6.6. This is an object injection problem that is exploited after a threat actor compromised the administrator account.
CVE-2022-21664 is a high severity flaw with a 7.4 CVSS score. It is an SQL injection error that is exploited via the WP_Meta_Query core class.
For CVE-2022-21611, CVE-2022-21612, CVE-2022-21613, fixes cover WordPress versions down to 3.7.37. For CVE-2022-21614, fixes cover WordPress versions down to 4.1.34.
For more information, read the original story in BleepingComputer.
