CVE-2021-44223
First published: Thu Nov 25 2021(Updated: )
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress WordPress | <5.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this WordPress vulnerability?
The vulnerability ID for this WordPress vulnerability is CVE-2021-44223.
How severe is CVE-2021-44223?
CVE-2021-44223 has a severity level of critical, with a CVSS severity score of 9.8.
What is the impact of CVE-2021-44223?
CVE-2021-44223 allows remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations.
Which versions of WordPress are affected by CVE-2021-44223?
WordPress versions before 5.8 are affected by CVE-2021-44223.
How can I mitigate CVE-2021-44223?
To mitigate CVE-2021-44223, update WordPress to version 5.8 or later, which includes support for the Update URI plugin header.
- agent/tags
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wordpress
- canonical/wordpress wordpress