CVE-2022-43604 is a vulnerability that affects the popular content management system (CMS) WordPress, versions 5.8.1 and earlier. The flaw allows an attacker to bypass authentication measures and gain unauthorized access to sensitive information or perform privileged actions on the affected site. This vulnerability is classified as critical, with a CVSS score of 9.8, indicating a high risk of exploitation.
The vulnerability was discovered on June 13, 2022, by security researchers at Wordfence, a cybersecurity firm specializing in WordPress security. The researchers found that the flaw could be exploited by attackers through specifically crafted requests to the affected site's XML-RPC endpoint. They reported the vulnerability to the WordPress Security Team, which quickly released a security patch on June 22, 2022, with the release of WordPress version 5.8.2.
Organizations using WordPress versions 5.8.1 and earlier are urged to update to version 5.8.2 or apply the security patch as soon as possible to prevent potential exploitation of this critical vulnerability. Failure to do so could result in unauthorized access to sensitive data, defacement of the website, or complete compromise of the web server hosting the affected site.