Multiple Vulnerabilities in WordPress Could Allow for SQL Injection
ITS ADVISORY NUMBER:
2022-003
DATE(S) ISSUED:
Monday, January 10, 2022
SUBJECT:
Multiple Vulnerabilities in WordPress Could Allow for SQL Injection
OVERVIEW:
Multiple vulnerabilities have been discovered in WordPress, the most severe of which could allow for SQL injection. WordPress is an open source content management system (CMS) which assists in the creation and hosting of web applications. Successful exploitation of the most severe of these vulnerabilities could allow for SQL injection. Depending on the privileges associated with the service, an attacker could then read, extract, or write to the backend database. Services which are configured to have fewer rights on the system and the backend database could be less impacted than those that operate with administrative rights.
THREAT INTELLIGENCE:
There are currently no reports of these vulnerabilities being exploited in the wild. However, as WordPress is open source software, the code changed by the update can be obtained by visiting the WordPress GitHub page.
SYSTEMS AFFECTED:
- WordPress versions between 3.7 and 5.8.3
RISK:
Government:
Large and medium government entities: Medium
Small government entities: Medium
Business:
Large and medium business entities: Medium
Small business entities: Medium
Home Users: Low
DESCRIPTION:
Multiple vulnerabilities have been discovered in WordPress, the most severe of which could allow for SQL injection. Details of these vulnerabilities are as follows:
- An issue with post slugs which allows for stored XSS.
- An issue which allows for object injection in certain multi-site installations.
- An input validation vulnerability in WP_Query which enables SQL injection.
- An input validation vulnerability in WP_Meta_Query which enables SQL injection (affects WordPress versions 4.1 to 5.8).
Successful exploitation of the most severe of these vulnerabilities could allow for SQL injection. Depending on the privileges associated with the service, an attacker could then read, extract, or write to the backend database. Services which are configured to have fewer rights on the system and the backend database could be less impacted than those that operate with administrative rights.
ACTIONS:
- After appropriate testing, immediately apply updates provided by WordPress to vulnerable systems.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
- Apply the Principle of Least Privilege to all systems and services.
REFERENCES:
WordPress:
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
GitHub:
https://github.com/WordPress/wordpress-develop/commit/6223e0cf1efa86995d...
PatchStack:
https://patchstack.com/articles/wordpress-core-5-8-3-security-vulnerabil...