Vulnerability Data

CVE-2022-21663

Track security vulnerabilities

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.

Published at
2022-01-06
10 days ago
Modified
2022-01-11
5 days ago
2022
Year
The year of the turtle

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h

CONFIRM:https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h

Read More about itMore info

https://www.debian.org/security/2022/dsa-5039

DEBIAN:DSA-5039

Read More about itMore info

https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/

MISC:https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/

Read More about itMore info

Vulnerability RAW

{
	"Title": {
		"_text": "CVE-2022-21663"
	},
	"Notes": {
		"Note": [
			{
				"_text": "WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue."
			},
			{
				"_text": "2022-01-06"
			},
			{
				"_text": "2022-01-11"
			}
		]
	},
	"CVE": {
		"_text": "CVE-2022-21663"
	},
	"References": {
		"Reference": [
			{
				"URL": {
					"_text": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h"
				},
				"Description": {
					"_text": "CONFIRM:https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h"
				}
			},
			{
				"URL": {
					"_text": "https://www.debian.org/security/2022/dsa-5039"
				},
				"Description": {
					"_text": "DEBIAN:DSA-5039"
				}
			},
			{
				"URL": {
					"_text": "https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/"
				},
				"Description": {
					"_text": "MISC:https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/"
				}
			}
		]
	}
}