WordPress <=6.1.1 wp-cron.php Schedule Timing Flaw (CVE-2023-22622)
CVE-2023-22622 Published on January 5, 2023

WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Products Associated with CVE-2023-22622

Want to know whenever a new CVE is published for WordPress? stack.watch will email you.

WordPress

Exploit Probability

EPSS

9.68%

Percentile

92.79%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

WordPress <=6.1.1 wp-cron.php Schedule Timing Flaw (CVE-2023-22622)CVE-2023-22622 Published on January 5, 2023

Vulnerability Analysis

Products Associated with CVE-2023-22622

Exploit Probability

WordPress <=6.1.1 wp-cron.php Schedule Timing Flaw (CVE-2023-22622)
CVE-2023-22622 Published on January 5, 2023