CVE-2022-21662 is a stored Cross-Site Scripting (XSS) vulnerability identified in the WordPress core, specifically affecting versions prior to 5.8.3. WordPress, a widely used open-source content management system written in PHP and typically paired with a MariaDB database, allows low-privileged authenticated users, such as those with author roles, to inject malicious JavaScript code into web pages. This vulnerability arises from improper neutralization of input during web page generation (CWE-79), enabling these low-privileged users to perform stored XSS attacks. The malicious script can then execute in the context of higher-privileged users, such as administrators, potentially leading to session hijacking, privilege escalation, or unauthorized actions within the WordPress administrative interface. The vulnerability has been addressed and patched in WordPress version 5.8.3, with backported fixes extending to versions as old as 3.7.37. No known workarounds exist, and auto-updates are strongly recommended to ensure protection. Despite the absence of known exploits in the wild, the vulnerability poses a significant risk due to the common use of WordPress across many websites and the potential for attackers to leverage low-privileged accounts to compromise higher-privileged ones.

For European organizations, this vulnerability could have substantial consequences, especially for those relying on WordPress for their web presence, intranet portals, or content management. Exploitation could lead to unauthorized administrative access, data theft, defacement, or the deployment of further malware within the affected environment. Given the stored nature of the XSS, malicious scripts can persist and affect multiple users over time, increasing the attack surface. Organizations handling sensitive data or operating critical services via WordPress are at risk of confidentiality breaches and integrity violations. Additionally, the compromise of administrative accounts could disrupt availability through unauthorized changes or site defacement. The impact is heightened in sectors such as government, finance, healthcare, and media, where WordPress is prevalent and data sensitivity is high. The lack of known exploits currently suggests a window for proactive mitigation before widespread attacks emerge.

1. Immediate upgrade of all WordPress installations to version 5.8.3 or later is essential to remediate this vulnerability. 2. Enable and verify that automatic updates are active to ensure timely application of future security patches. 3. Review and restrict user roles and permissions, minimizing the number of users with author-level or higher privileges to reduce the risk of exploitation. 4. Implement Web Application Firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting WordPress administrative interfaces. 5. Conduct regular security audits and penetration testing focusing on user input handling and privilege escalation vectors within WordPress. 6. Educate content authors and administrators about the risks of XSS and safe content practices, including avoiding the insertion of untrusted scripts or HTML. 7. Monitor logs for unusual activities, such as unexpected script injections or administrative actions initiated by low-privileged users. 8. For organizations with custom plugins or themes, ensure these components also sanitize inputs properly to prevent similar vulnerabilities. These steps go beyond generic advice by emphasizing role management, WAF tuning, and organizational awareness.