CVE-2023-22622 — MEDIUM (5.3)

Q: How severe is CVE-2023-22622?

CVE-2023-22622 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-22622?

Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress.

Vulnerability Description

WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wordpress	Wordpress	<= 6.1.1

References

https://developer.wordpress.org/plugins/cron/ProductVendor Advisory
https://github.com/WordPress/WordPress/blob/dca7b5204b5fea54e6d1774689777b359a92Third Party Advisory
https://medium.com/%40thecpanelguy/the-nightmare-that-is-wpcron-php-ae31c1d3ae30
https://patchstack.com/articles/solving-unpredictable-wp-cron-problems-addressinThird Party Advisory
https://wordpress.org/about/security/Vendor Advisory
https://wordpress.org/support/article/how-to-install-wordpress/Vendor Advisory
https://www.tenable.com/plugins/was/113449Third Party Advisory
https://developer.wordpress.org/plugins/cron/ProductVendor Advisory
https://github.com/WordPress/WordPress/blob/dca7b5204b5fea54e6d1774689777b359a92Third Party Advisory
https://medium.com/%40thecpanelguy/the-nightmare-that-is-wpcron-php-ae31c1d3ae30
https://patchstack.com/articles/solving-unpredictable-wp-cron-problems-addressinThird Party Advisory
https://wordpress.org/about/security/Vendor Advisory
https://wordpress.org/support/article/how-to-install-wordpress/Vendor Advisory
https://www.tenable.com/plugins/was/113449Third Party Advisory

FAQ

What is CVE-2023-22622?

CVE-2023-22622 is a vulnerability with a CVSS score of 5.3 (MEDIUM). WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not recei...

How severe is CVE-2023-22622?

CVE-2023-22622 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-22622?

Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress.