Vulnerability identifier: #VU59290

Vulnerability risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-21661

CWE-ID: CWE-89

Exploitation vector: Network

Exploits in database: 9

• August 7, 2023
  • CVE-2022-21661-PoC (A Python PoC of CVE-2022-21661, inspired from z92g's Go PoC) [Github]
• March 25, 2023
  • SSI-CVE-2022-21661 (Study and exploit the vulnerability CVE-2022-21661 that allows SQL Injections through plugins POST requests to WordPress versions below 5.8.3.) [Github]
• November 7, 2022
  • CVE-2022-21661 (The first poc video presenting the sql injection test from ( WordPress Core 5.8.2-'WP_Query' / CVE-2022-21661) ) [Github]
• August 1, 2022
  • CVE-2022-21661 (CVE-2022-21661 exp for Elementor custom skin.) [Github]
• July 28, 2022
  • CVE-2022-21661 (WordPress WP_Query SQL Injection POC) [Github]
• May 29, 2022
  • Wordpress-cve-CVE-2022-21661 (Wordpress 5.8.2 CVE-2022-21661 Vuln enviroment POC exploit) [Github]
• May 13, 2022
  • WordPress Core 5.8.2 - 'WP_Query' SQL Injection [Exploit-DB]
• February 13, 2022
  • wordpress-CVE-2022-21661 () [Github]
• January 19, 2022
  • CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection (WordPress Core 5.8.2 - 'WP_Query' SQL Injection) [Github]

Impact: Information disclosure and data manipulation

Vulnerable software:
WordPress
Web applications / CMS

Vendor: WordPress.ORG