Unrated severityNVD Advisory· Published Jan 6, 2022· Updated Apr 23, 2025

SQL injection in WordPress

CVE-2022-21664

Description

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.

Affected products

osv-coords2 versions
pkg:bitnami/wordpress pkg:bitnami/wordpress-multisite
< 5.8.3+ 1 more
- (no CPE)range: < 5.8.3
- (no CPE)range: < 5.8.3
WordPress/wordpress-developv5
Range: >= 4.1.33, < 5.8.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3/mitrevendor-advisoryx_refsource_FEDORA
www.debian.org/security/2022/dsa-5039mitrevendor-advisoryx_refsource_DEBIAN
github.com/WordPress/wordpress-develop/commit/c09ccfbc547d75b392dbccc1ef0b4442ccd3c957mitrex_refsource_MISC
github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86mitrex_refsource_CONFIRM
lists.debian.org/debian-lts-announce/2022/01/msg00019.htmlmitremailing-listx_refsource_MLIST
wordpress.org/news/2022/01/wordpress-5-8-3-security-release/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000