Demonstrating CVE-2022-21661: An Information Disclosure Bug in WordPress



This video demonstrates CVE-2022-21661, which allows an attacker to expose data stored in a connected database. Originally reported to ZDI by ngocnb and khuyenn from GiaoHangTietKiem JSC, this SQL injection bug could expose sensitive data when triggered.

For more information on the bug, read the blog with root cause analysis at:
https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection

source