CVE-2023-22622

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-22622
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22622.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-22622
Aliases
Related
Published
2023-01-05T02:15:07Z
Modified
2024-11-21T07:45:04Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.

References

Affected packages

Git / github.com/wordpress/wordpress

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Type
GIT
Repo
https://github.com/wordpress/wordpress-develop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected