
How to find and mitigate the recent WordPress CVE-2022-21661

by Sebastiaan Bosman Blog 14 Jan 2022

A few days ago, WordPress released a patch for their software. This patch updates WordPress to version 5.8.3 and addresses four vulnerabilities. Three of these vulnerabilities have been rated as ‘high importance’, with two CVSS scores of 8.0, one of 7.4 and one of 6.6, as they allow for different kinds of attacks. This article explains how the vulnerabilities could be abused, and how we were able to find the relevant WordPress installations in order to check for risks.

To repeat: the latest patch to WordPress version 5.8.3 mitigates the vulnerabilities described below. If you haven’t done so already, please update your WordPress software as soon as possible.

SQL injection

The four vulnerabilities, CVE-2022-21661 through CVE-2022-21664, gave threat actors several ways to access systems or obtain private information. For instance, the SQL injection could result in the disclosure of account information, as it does not require any authentication. An attacker could therefore obtain privileged rights and compromise a site.

As an organisation’s web hosting is often scattered over several servers and hosting providers, it is possible to have different versions of WordPress running on different (sub)domains. This also makes it harder for IT teams to identify all of their digital assets that are connected to WordPress servers, and to determine whether those assets pose a risk and should therefore be updated.

Attack Surface Monitoring

We have been able to identify and assess the WordPress servers in the attack surfaces of our clients via a specific query in our Attack Surface Management platform. It provides a list of all assets related to WordPress, with further classifications of risk.

These automated insights save valuable time when mitigating risks suddenly becomes a priority. Knowing at all times what software is running where allows for much faster and more precise action. As threat actors make use of automated hacking techniques, automated and continuous monitoring is the key to staying in control of your attack surface.

Interested in finding out how we can help you identify and mitigate risks such as the WordPress vulnerabilities? Book your free demo with us here:

