WordPress: SQL injection due to improper sanitization in WP_Meta_Query

Moderate
ehti published GHSA-jp3p-gw8h-6x86 Jan 6, 2022

Package

No package listed

Affected versions

4.1.33 - 5.8.2

Patched versions

5.8.3

Description

Impact

Due to a lack of proper sanitization in WP_Meta_Query, there is potential for blind SQL injection.

Patches

This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases going back to 4.1.34. We strongly recommend that you keep auto-updates enabled.

References

https://wordpress.org/news/category/releases/

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2022-21664

Weaknesses

No CWEs