High severity8.0NVD Advisory· Published Jan 6, 2022· Updated Jun 17, 2026
CVE-2022-21661
CVE-2022-21661
Description
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- Range: >=3.7.37,<5.8.3
- osv-coords2 versions
>= 3.7.0, < 3.7.37+ 1 more
- (no CPE)range: >= 3.7.0, < 3.7.37
- (no CPE)range: >= 3.7.0, < 3.7.37
- Range: < 5.8.3
Patches
Vulnerability mechanics
References
11- github.com/WordPress/wordpress-develop/commit/17efac8c8ec64555eff5cf51a3eff81e06317214nvdPatchThird Party Advisory
- packetstormsecurity.com/files/165540/WordPress-Core-5.8.2-SQL-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/50663nvdExploitThird Party AdvisoryVDB Entry
- www.vicarius.io/vsociety/posts/understanding-the-wordpress-sql-injection-vulnerability-cve-2022-21661nvdExploitThird Party Advisory
- github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2022/01/msg00019.htmlnvdMailing ListThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG/nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3/nvdThird Party Advisory
- wordpress.org/news/2022/01/wordpress-5-8-3-security-release/nvdRelease NotesVendor Advisory
- www.debian.org/security/2022/dsa-5039nvdThird Party Advisory
- www.zerodayinitiative.com/advisories/ZDI-22-020/nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.