
How to find and mitigate the recent WordPress CVE-2022-21661

by Sebastiaan Bosman, Blog, 14 Jan 2022

A few days ago, WordPress released a patch for their software. This patch updates WordPress to version 5.8.3 and addresses four vulnerabilities. Three of the four have been rated as ‘high importance’; the CVSS scores are 8.0, 8.0, 7.4 and 6.6, reflecting the different kinds of attacks they allow. This article explains how the different vulnerabilities could be abused, and how we were able to find the relevant WordPress software in order to check for risks.

To repeat: the latest patch to WordPress version 5.8.3 mitigates the vulnerabilities described below. If you haven’t done so already, please update your WordPress software as soon as possible.

SQL injection

The four vulnerabilities, CVE-2022-21661 through CVE-2022-21664, allowed for several ways in which threat actors could access systems or obtain private information. For instance, the SQL injection does not require any authentication, so it could result in the disclosure of account information. An attacker could therefore obtain elevated privileges and compromise a site.

As an organisation’s web hosting is often scattered over several servers and hosting services, it is possible to have different versions of WordPress running for different (sub)domains. This also makes it harder for IT teams to identify all of their digital assets connected to WordPress, and to determine whether or not those assets pose a risk and should therefore be updated.

Attack Surface Monitoring

We have been able to identify and assess the WordPress servers in the attack surfaces of our clients via a specific query in our Attack Surface Management platform. It provides a list of all assets related to WordPress, with further classifications of risk.
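As an added example in the spirit of the two paragraphs above (it is not the platform's own query or code), the following Python inventory check reads the WordPress generator tag from constructed sample pages for hypothetical hostnames and flags every version below 5.8.3 as needing the update; hosts that hide the tag are reported as unknown so they can be verified by other means.

```python
import re
from typing import Dict, Optional, Tuple

# Patched release named in the article; anything older is flagged for update.
PATCHED = (5, 8, 3)

# Constructed sample responses standing in for the front page of each host.
# Hostnames are hypothetical; nothing here touches the network.
SAMPLE_PAGES = {
    "www.example.com": '<html><head><meta name="generator" content="WordPress 5.8.3" /></head></html>',
    "blog.example.com": '<html><head><meta name="generator" content="WordPress 5.8.2" /></head></html>',
    "shop.example.com": '<html><head><meta content="WordPress 5.7.1" name="generator" /></head></html>',
    "static.example.com": '<html><head><title>plain site</title></head></html>',
}

# Accept either attribute order; many themes emit the tag as WordPress does by default.
GENERATOR_RES = (
    re.compile(r'<meta\s+name="generator"\s+content="WordPress\s+([0-9.]+)"', re.I),
    re.compile(r'<meta\s+content="WordPress\s+([0-9.]+)"\s+name="generator"', re.I),
)


def parse_wp_version(html: str) -> Optional[Tuple[int, ...]]:
    """Return the advertised WordPress version as an int tuple, or None if no tag is found."""
    for pattern in GENERATOR_RES:
        m = pattern.search(html)
        if m:
            return tuple(int(p) for p in m.group(1).split("."))
    return None


def classify(version: Optional[Tuple[int, ...]]) -> str:
    """Compare a parsed version with the patched release; missing tag means manual follow-up."""
    if version is None:
        return "unknown"
    # Tuple comparison handles "5.8" (< 5.8.3) and "5.9" (> 5.8.3) correctly.
    return "patched" if version >= PATCHED else "needs-update"


def inventory(pages: Dict[str, str]) -> Dict[str, Tuple[Optional[str], str]]:
    """Map each host to (version string or None, risk status)."""
    report = {}
    for host, html in pages.items():
        v = parse_wp_version(html)
        report[host] = (".".join(map(str, v)) if v else None, classify(v))
    return report


if __name__ == "__main__":
    for host, (ver, status) in inventory(SAMPLE_PAGES).items():
        print(f"{host:22} {ver or '-':8} {status}")
```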

These automated insights save valuable time when mitigating risks suddenly becomes a priority. Knowing what software is running where at all times allows for much faster and more precise action. As threat actors make use of automated hacking techniques, automated and continuous monitoring is the key to staying in control of your attack surface.

Interested in finding out how we can help you identify and mitigate risks such as the WordPress vulnerabilities? Book your free demo with us here:

