CVE-2022-21661 PoC — SQL injection in WordPress

Source

https://github.com/p4ncontomat3/CVE-2022-21661

Associated Vulnerability

Title:SQL injection in WordPress (CVE-2022-21661)
Description:WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.

Description

Script to validate WordPress CVE-2022-21661

Readme

# WordPress CVE-2022-21661 Scanner

## Usage

```bash
python wordpress_scanner.py -H <host or ip address> -p <port> -ssl <support ssl/tls> -proxy <proxy address> -path <custom path>
```

## Help
```
WordPress Scanner for CVE-2022-21661

options:
  -h, --help            show this help message and exit
  -H HOST, --host HOST  Host or IP address
  -p PORT, --port PORT  Port number
  -ssl, --ssl_support   Support SSL/TLS
  -proxy PROXY, --proxy PROXY
                        Proxy address (e.g., http://localhost:8080/)
  -path PATH, --path PATH
                        Custom path for validation, default: /wp-admin/admin-ajax.php
```

File Snapshot


 [4.0K]  /data/pocs/fd8ab325d434fbe4f21b858ed9b0b13e11cb85e6
├── [4.4K]  CVE-2022-21661.py
├── [ 636]  README.md
└── [  42]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!