VTA-00402 – WordPress 5.8.3 To Address 4 Vulnerabilities
The Story:
The WordPress development team released WordPress version 5.8.3 to address four vulnerabilities, two of which are rated as high severity. The set includes an SQL injection in WP_Query, a blind SQL injection via WP_Meta_Query, an XSS attack via post slugs, and an object injection that requires admin privileges. Sites running WordPress 5.8.2 or older, particularly those on read-only filesystems where automatic core updates have been disabled in wp-config.php (so the fix is not applied automatically), could be vulnerable to attacks based on the identified flaws.
The four vulnerabilities addressed with the latest security updates are the following:
1. CVE-2022-21661: (CVSS score 8.0) SQL injection via WP_Query. This flaw is exploitable via plugins and themes that use WP_Query.
2. CVE-2022-21662: (CVSS score 8.0) XSS vulnerability allowing authors (lower-privilege users) to add a malicious backdoor or take over a site by abusing post slugs.
3. CVE-2022-21664: (CVSS score 7.4) SQL injection via the WP_Meta_Query core class.
4. CVE-2022-21663: (CVSS score 6.6) Object injection issue that can only be exploited if a threat actor has compromised the admin account.
Severity:
High
Attack Surfaces:
Web Application
Tactics:
Execution, Impact, Initial Access
Techniques:
SQL injection, XSS attack via post slugs, admin object injection
Active Defense Tactics:
Detect, Disrupt
Active Defense Techniques:
Security Controls, Software Manipulation
SuperPRO’s Threat Countermeasures Procedures:
1. It is recommended to upgrade to version 5.8.3, review the firewall configuration, and ensure that WP core updates are enabled.
2. The setting is controlled by a define() call in wp-config.php, which should read: define('WP_AUTO_UPDATE_CORE', true);
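As an added example (not part of this advisory or of WordPress itself), the following POSIX shell script audits an install for the two conditions named above: it reads the core version from wp-includes/version.php and the WP_AUTO_UPDATE_CORE setting from wp-config.php, then reports whether the site is still below 5.8.3. The function names and the constructed sample install are assumptions.

```shell
#!/bin/sh
# Added example: audit a WordPress install for the two conditions the
# advisory names. Function names and the sample install are constructed.

# wp_version DIR -> prints $wp_version from DIR/wp-includes/version.php
wp_version() {
  sed -n "s/^[$]wp_version *= *'\([^']*\)'.*/\1/p" "$1/wp-includes/version.php"
}

# version_lt A B -> true (exit 0) when dotted version A is lower than B
version_lt() {
  [ "$1" != "$2" ] &&
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# auto_update_setting DIR -> prints the WP_AUTO_UPDATE_CORE value, or "unset"
auto_update_setting() {
  v=$(sed -n "s/^ *define( *['\"]WP_AUTO_UPDATE_CORE['\"] *, *\([^) ]*\) *).*/\1/p" \
        "$1/wp-config.php" | tail -n1 | tr -d "'\"")
  printf '%s\n' "${v:-unset}"
}

# audit DIR -> prints one line; exit 1 when the core is older than 5.8.3
audit() {
  ver=$(wp_version "$1"); au=$(auto_update_setting "$1")
  if version_lt "$ver" "5.8.3"; then
    echo "VULNERABLE: WordPress $ver < 5.8.3 (WP_AUTO_UPDATE_CORE=$au)"
    return 1
  fi
  echo "OK: WordPress $ver (WP_AUTO_UPDATE_CORE=$au)"
}

# make_sample DIR VERSION SETTING -> constructed install used for demonstration
make_sample() {
  mkdir -p "$1/wp-includes"
  printf "<?php\n\$wp_version = '%s';\n" "$2" > "$1/wp-includes/version.php"
  printf "<?php\ndefine( 'WP_AUTO_UPDATE_CORE', %s );\n" "$3" > "$1/wp-config.php"
}

# Usage: sh audit.sh /var/www/html   (audits a real install)
# Without an argument, audit a constructed 5.8.2 install with updates disabled.
if [ $# -gt 0 ]; then
  audit "$1"
else
  d=$(mktemp -d); make_sample "$d" 5.8.2 false
  audit "$d" || :   # expected: a VULNERABLE line and exit status 1
  rm -r "$d"
fi
```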
Are your Endpoints secured? Scan your Endpoints now:
1. Register account on Open Threat Exchange (OTX).
2. Download the OTX Endpoint Security.
3. Subscribe to Provintell-Lab’s OTX pulses.
4. Scan your endpoint for the presence of the IOCs. It’s FREE!
Contributed by: Jyao