CVE-2023-22622
Summary
| CVE | CVE-2023-22622 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-05 02:15:00 UTC |
| Updated | 2023-11-07 04:07:00 UTC |
| Description | WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| WordPress Cron Enabled \| Tenable® | MISC | www.tenable.com | |
| WordPress/wp-cron.php at dca7b5204b5fea54e6d1774689777b359a9222ab · WordPress/WordPress · GitHub | MISC | github.com | |
| Cron \| Plugin Developer Handbook \| WordPress Developer Resources | MISC | developer.wordpress.org | |
| How to install WordPress – WordPress.org Forums | MISC | wordpress.org | |
| Solving Unpredictable WP-Cron Problems, Addressing CVE-2023-22622 - Patchstack | MISC | patchstack.com | |
| The nightmare that is wp-cron.php \| by The cPanel Guy \| Medium | MISC | medium.com | |
| Security \| WordPress.org | MISC | wordpress.org | |
| The nightmare that is wp-cron.php \| by The cPanel Guy \| Medium | medium.com | | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 154129 WordPress wp-cron Denial of Service (DoS) Vulnerability (CVE-2023-22622)