Multiple vulnerabilities have been discovered in WordPress, the most severe of which could allow for SQL injection. WordPress is an open source content management system (CMS) that assists in the creation and hosting of web applications. Successful exploitation of the most severe of these vulnerabilities could allow for SQL injection. Depending on the privileges associated with the service, an attacker could then read, extract, or write to the backend database. Services that are configured with fewer rights on the system and the backend database could be less impacted than those that operate with administrative rights.
THREAT INTELLIGENCE:
There are currently no reports of these vulnerabilities being exploited in the wild. However, as WordPress is open source software, the code changed by the update can be obtained by visiting the WordPress GitHub page.
SYSTEMS AFFECTED:
- WordPress versions between 3.7 and 5.8.3
RISK:
Government:
- Large and medium government entities: Medium
- Small government entities: Medium
Businesses:
- Large and medium business entities: Medium
- Small business entities: Medium
Home users: Low
TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in WordPress, the most severe of which could allow for SQL injection. Details of these vulnerabilities are as follows:
- An issue with post slugs which allows for stored XSS.
- An issue which allows for object injection in certain multi-site installations.
- An input validation vulnerability in WP_Query which allows for SQL injection.
- An input validation vulnerability in WP_Meta_Query which allows for SQL injection (affects WordPress versions 4.1 to 5.8).
Successful exploitation of the most severe of these vulnerabilities could allow for SQL injection. Depending on the privileges associated with the service, an attacker could then read, extract, or write to the backend database. Services that are configured with fewer rights on the system and the backend database could be less impacted than those that operate with administrative rights.
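To scope exposure across a fleet, a defender needs to map each install's version onto the ranges above. The following script is an added example, not part of the advisory or of WordPress itself: it reads `$wp_version` from `wp-includes/version.php` (the file WordPress uses to record its version) and reports which of the listed issues apply. It treats 5.8.3, the security release in the references, as fixed, and assumes the WP_Meta_Query range "4.1 to 5.8" covers every 5.8.x release before 5.8.3.

```python
import re
import sys
from pathlib import Path

# Affected ranges from the advisory: inclusive lower bound, exclusive upper bound.
# 5.8.3 is the security release that ships the fixes, so it is treated as not affected.
ALL_ISSUES_RANGE = ((3, 7, 0), (5, 8, 3))
# WP_Meta_Query issue is listed as 4.1 to 5.8; assumed to include 5.8.x below 5.8.3.
META_QUERY_RANGE = ((4, 1, 0), (5, 8, 3))

VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")


def parse_version(text):
    """Turn '5.8.3', '5.8' or '5.9-beta1' into a 3-tuple of ints (pre-release tag dropped)."""
    core = text.split("-", 1)[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def in_range(version, rng):
    low, high = rng
    return low <= version < high


def assess(version_text):
    """Return the advisory issues that apply to the given WordPress version string."""
    v = parse_version(version_text)
    issues = []
    if in_range(v, ALL_ISSUES_RANGE):
        issues += ["stored XSS via post slugs",
                   "object injection (multi-site)",
                   "SQL injection via WP_Query"]
    if in_range(v, META_QUERY_RANGE):
        issues.append("SQL injection via WP_Meta_Query")
    return issues


def version_from_install(wp_root):
    """Read $wp_version from wp-includes/version.php under a WordPress install root."""
    src = Path(wp_root, "wp-includes", "version.php").read_text(encoding="utf-8")
    m = VERSION_RE.search(src)
    if not m:
        raise ValueError("no $wp_version assignment found in version.php")
    return m.group(1)


if __name__ == "__main__":
    # Pass an install root as argv[1]; otherwise a constructed sample version is used.
    ver = version_from_install(sys.argv[1]) if len(sys.argv) > 1 else "5.8.2"
    hits = assess(ver)
    print(f"WordPress {ver}: " + ("; ".join(hits) if hits else "not in the affected ranges"))
```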
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply appropriate updates provided by WordPress to vulnerable systems immediately after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
- Apply the Principle of Least Privilege to all systems and services.
REFERENCES:
WordPress:
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
GitHub:
https://github.com/WordPress/wordpress-develop/commit/6223e0cf1efa86995de9d78d39360a3b8efa0c45
PatchStack:
https://patchstack.com/articles/wordpress-core-5-8-3-security-vulnerabilities/