Home > Vulnerability Database > CVE-2023-22622

Mend.io Vulnerability Database

CVE-2023-22622

Date: January 4, 2023

WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.

Language: PHP

Severity Score

5.3

Related Resources (10)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-22622

Url: https://www.tenable.com/plugins/was/113449

Url: https://developer.wordpress.org/plugins/cron/

Url: https://wordpress.org/support/article/how-to-install-wordpress/

Url: https://medium.com/%40thecpanelguy/the-nightmare-that-is-wpcron-php-ae31c1d3ae30

Url: https://patchstack.com/articles/solving-unpredictable-wp-cron-problems-addressing-cve-2023-22622/

Url: https://medium.com/@thecpanelguy/the-nightmare-that-is-wpcron-php-ae31c1d3ae30

Url: https://wordpress.org/about/security/

Url: https://github.com/WordPress/WordPress/blob/dca7b5204b5fea54e6d1774689777b359a9222ab/wp-cron.php#L5-L8

Url: https://www.mend.io/vulnerability-database/CVE-2023-22622

Severity Score

5.3

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-22622

Date: January 4, 2023

Language: PHP

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?