CVE-2022-21664: 
NixOS vulnerability analysis and mitigation

WordPress versions 4.1 through 5.8.2 contained a SQL injection vulnerability due to improper sanitization in the WP_Meta_Query class. The vulnerability was discovered by Ben Bidner from the WordPress security team and was patched in WordPress version 5.8.3 released on January 6, 2022. All affected versions dating back to 4.1.34 received security updates to address this issue (WordPress News, GitHub Advisory).

The vulnerability stemmed from insufficient sanitization in the WP_Meta_Query class, which could potentially allow unintended SQL queries to be executed. The fix involved improving sanitization by adding proper input validation through the use of preg_replace to sanitize table aliases, as evidenced in the patch that modified the find_compatible_table_alias function (WordPress Commit).

The vulnerability could allow attackers to perform blind SQL injection attacks against affected WordPress installations. This could potentially lead to unauthorized database access and manipulation of website content (GitHub Advisory).

The recommended mitigation is to update to WordPress version 5.8.3 or the corresponding security release for older versions. WordPress strongly recommends keeping auto-updates enabled to ensure timely application of security patches. There were no known workarounds for this vulnerability, making updating the only effective solution (WordPress News, Debian Security).

The vulnerability was treated with high priority by major Linux distributions, with Debian, Fedora, and others quickly releasing security updates to address the issue. Both Debian and Fedora issued security advisories to their users, highlighting the significance of the vulnerability (Debian Security, Fedora Update).