WordPress Vulnerabilities

WordPress < 5.8 - Plugin Confusion

Description

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.

Affects WordPress

5.6.5
Fixed in WordPress 5.8
5.6.4
Fixed in WordPress 5.8
5.6.3
Fixed in WordPress 5.8
5.6.2
Fixed in WordPress 5.8
5.6.1
Fixed in WordPress 5.8
5.6
Fixed in WordPress 5.8
5.5.7
Fixed in WordPress 5.8
5.5.6
Fixed in WordPress 5.8
5.5.5
Fixed in WordPress 5.8
5.5.4
Fixed in WordPress 5.8
5.5.3
Fixed in WordPress 5.8
5.5.2
Fixed in WordPress 5.8
5.5.1
Fixed in WordPress 5.8
5.5
Fixed in WordPress 5.8
5.3.10
Fixed in WordPress 5.8
5.3.9
Fixed in WordPress 5.8
5.3.8
Fixed in WordPress 5.8
5.3.7
Fixed in WordPress 5.8
5.3.6
Fixed in WordPress 5.8
5.3.5
Fixed in WordPress 5.8
5.3.4
Fixed in WordPress 5.8
5.3.3
Fixed in WordPress 5.8
5.3.2
Fixed in WordPress 5.8
5.3.1
Fixed in WordPress 5.8
5.3
Fixed in WordPress 5.8
5.2.13
Fixed in WordPress 5.8
5.2.12
Fixed in WordPress 5.8
5.2.11
Fixed in WordPress 5.8
5.2.10
Fixed in WordPress 5.8
5.2.9
Fixed in WordPress 5.8
5.2.8
Fixed in WordPress 5.8
5.2.7
Fixed in WordPress 5.8
5.2.6
Fixed in WordPress 5.8
5.2.5
Fixed in WordPress 5.8
5.2.4
Fixed in WordPress 5.8
5.2.3
Fixed in WordPress 5.8
5.2.2
Fixed in WordPress 5.8
5.2.1
Fixed in WordPress 5.8
5.2
Fixed in WordPress 5.8
5.1.11
Fixed in WordPress 5.8
5.1.10
Fixed in WordPress 5.8
5.1.9
Fixed in WordPress 5.8
5.1.8
Fixed in WordPress 5.8
5.1.7
Fixed in WordPress 5.8
5.1.6
Fixed in WordPress 5.8
5.1.5
Fixed in WordPress 5.8
5.1.4
Fixed in WordPress 5.8
5.1.3
Fixed in WordPress 5.8
5.1.2
Fixed in WordPress 5.8
5.1.1
Fixed in WordPress 5.8
5.1
Fixed in WordPress 5.8
5.0.14
Fixed in WordPress 5.8
5.0.13
Fixed in WordPress 5.8
5.0.12
Fixed in WordPress 5.8
5.0.11
Fixed in WordPress 5.8
5.0.10
Fixed in WordPress 5.8
5.0.9
Fixed in WordPress 5.8
5.0.8
Fixed in WordPress 5.8
5.0.7
Fixed in WordPress 5.8
5.0.6
Fixed in WordPress 5.8
5.0.4
Fixed in WordPress 5.8
5.0.3
Fixed in WordPress 5.8
5.0.2
Fixed in WordPress 5.8
5.0.1
Fixed in WordPress 5.8
5.0
Fixed in WordPress 5.8
4.8.17
Fixed in WordPress 5.8
4.8.16
Fixed in WordPress 5.8
4.8.15
Fixed in WordPress 5.8
4.8.14
Fixed in WordPress 5.8
4.8.13
Fixed in WordPress 5.8
4.8.12
Fixed in WordPress 5.8
4.8.11
Fixed in WordPress 5.8
4.8.10
Fixed in WordPress 5.8
4.8.9
Fixed in WordPress 5.8
4.8.8
Fixed in WordPress 5.8
4.8.7
Fixed in WordPress 5.8
4.8.6
Fixed in WordPress 5.8
4.8.5
Fixed in WordPress 5.8
4.8.4
Fixed in WordPress 5.8
4.8.3
Fixed in WordPress 5.8
4.8.2
Fixed in WordPress 5.8
4.8.1
Fixed in WordPress 5.8
4.8
Fixed in WordPress 5.8
4.7.21
Fixed in WordPress 5.8
4.7.20
Fixed in WordPress 5.8
4.7.19
Fixed in WordPress 5.8
4.7.18
Fixed in WordPress 5.8
4.7.17
Fixed in WordPress 5.8
4.7.16
Fixed in WordPress 5.8
4.7.15
Fixed in WordPress 5.8
4.7.14
Fixed in WordPress 5.8
4.7.13
Fixed in WordPress 5.8
4.7.12
Fixed in WordPress 5.8
4.7.11
Fixed in WordPress 5.8
4.7.10
Fixed in WordPress 5.8
4.7.9
Fixed in WordPress 5.8
4.7.8
Fixed in WordPress 5.8
4.7.7
Fixed in WordPress 5.8
4.7.6
Fixed in WordPress 5.8
4.7.5
Fixed in WordPress 5.8
4.7.4
Fixed in WordPress 5.8
4.7.3
Fixed in WordPress 5.8
4.7.2
Fixed in WordPress 5.8
4.7.1
Fixed in WordPress 5.8
4.7
Fixed in WordPress 5.8
4.6.21
Fixed in WordPress 5.8
4.6.20
Fixed in WordPress 5.8
4.6.19
Fixed in WordPress 5.8
4.6.18
Fixed in WordPress 5.8
4.6.17
Fixed in WordPress 5.8
4.6.16
Fixed in WordPress 5.8
4.6.15
Fixed in WordPress 5.8
4.6.14
Fixed in WordPress 5.8
4.6.13
Fixed in WordPress 5.8
4.6.12
Fixed in WordPress 5.8
4.6.11
Fixed in WordPress 5.8
4.6.10
Fixed in WordPress 5.8
4.6.9
Fixed in WordPress 5.8
4.6.8
Fixed in WordPress 5.8
4.6.7
Fixed in WordPress 5.8
4.6.6
Fixed in WordPress 5.8
4.6.5
Fixed in WordPress 5.8
4.6.4
Fixed in WordPress 5.8
4.6.3
Fixed in WordPress 5.8
4.6.2
Fixed in WordPress 5.8
4.6.1
Fixed in WordPress 5.8
4.6
Fixed in WordPress 5.8
4.5.24
Fixed in WordPress 5.8
4.5.23
Fixed in WordPress 5.8
4.5.22
Fixed in WordPress 5.8
4.5.21
Fixed in WordPress 5.8
4.5.20
Fixed in WordPress 5.8
4.5.19
Fixed in WordPress 5.8
4.5.18
Fixed in WordPress 5.8
4.5.17
Fixed in WordPress 5.8
4.5.16
Fixed in WordPress 5.8
4.5.15
Fixed in WordPress 5.8
4.5.14
Fixed in WordPress 5.8
4.5.13
Fixed in WordPress 5.8
4.5.12
Fixed in WordPress 5.8
4.5.11
Fixed in WordPress 5.8
4.5.10
Fixed in WordPress 5.8
4.5.9
Fixed in WordPress 5.8
4.5.8
Fixed in WordPress 5.8
4.5.7
Fixed in WordPress 5.8
4.5.6
Fixed in WordPress 5.8
4.5.5
Fixed in WordPress 5.8
4.5.4
Fixed in WordPress 5.8
4.5.3
Fixed in WordPress 5.8
4.5.2
Fixed in WordPress 5.8
4.5.1
Fixed in WordPress 5.8
4.5
Fixed in WordPress 5.8
4.4.25
Fixed in WordPress 5.8
4.4.24
Fixed in WordPress 5.8
4.4.23
Fixed in WordPress 5.8
4.4.22
Fixed in WordPress 5.8
4.4.21
Fixed in WordPress 5.8
4.4.20
Fixed in WordPress 5.8
4.4.19
Fixed in WordPress 5.8
4.4.18
Fixed in WordPress 5.8
4.4.17
Fixed in WordPress 5.8
4.4.16
Fixed in WordPress 5.8
4.4.15
Fixed in WordPress 5.8
4.4.14
Fixed in WordPress 5.8
4.4.13
Fixed in WordPress 5.8
4.4.12
Fixed in WordPress 5.8
4.4.11
Fixed in WordPress 5.8
4.4.10
Fixed in WordPress 5.8
4.4.9
Fixed in WordPress 5.8
4.4.8
Fixed in WordPress 5.8
4.4.7
Fixed in WordPress 5.8
4.4.6
Fixed in WordPress 5.8
4.4.5
Fixed in WordPress 5.8
4.4.4
Fixed in WordPress 5.8
4.4.3
Fixed in WordPress 5.8
4.4.2
Fixed in WordPress 5.8
4.4.1
Fixed in WordPress 5.8
4.4
Fixed in WordPress 5.8
4.3.26
Fixed in WordPress 5.8
4.3.25
Fixed in WordPress 5.8
4.3.24
Fixed in WordPress 5.8
4.3.23
Fixed in WordPress 5.8
4.3.22
Fixed in WordPress 5.8
4.3.21
Fixed in WordPress 5.8
4.3.20
Fixed in WordPress 5.8
4.3.19
Fixed in WordPress 5.8
4.3.18
Fixed in WordPress 5.8
4.3.17
Fixed in WordPress 5.8
4.3.16
Fixed in WordPress 5.8
4.3.15
Fixed in WordPress 5.8
4.3.14
Fixed in WordPress 5.8
4.3.13
Fixed in WordPress 5.8
4.3.12
Fixed in WordPress 5.8
4.3.11
Fixed in WordPress 5.8
4.3.10
Fixed in WordPress 5.8
4.3.9
Fixed in WordPress 5.8
4.3.8
Fixed in WordPress 5.8
4.3.7
Fixed in WordPress 5.8
4.3.6
Fixed in WordPress 5.8
4.3.5
Fixed in WordPress 5.8
4.3.4
Fixed in WordPress 5.8
4.3.3
Fixed in WordPress 5.8
4.3.2
Fixed in WordPress 5.8
4.3.1
Fixed in WordPress 5.8
4.3
Fixed in WordPress 5.8
4.2.30
Fixed in WordPress 5.8
4.2.29
Fixed in WordPress 5.8
4.2.28
Fixed in WordPress 5.8
4.2.27
Fixed in WordPress 5.8
4.2.26
Fixed in WordPress 5.8
4.2.25
Fixed in WordPress 5.8
4.2.24
Fixed in WordPress 5.8
4.2.23
Fixed in WordPress 5.8
4.2.22
Fixed in WordPress 5.8
4.2.21
Fixed in WordPress 5.8
4.2.20
Fixed in WordPress 5.8
4.2.19
Fixed in WordPress 5.8
4.2.18
Fixed in WordPress 5.8
4.2.17
Fixed in WordPress 5.8
4.2.16
Fixed in WordPress 5.8
4.2.15
Fixed in WordPress 5.8
4.2.14
Fixed in WordPress 5.8
4.2.13
Fixed in WordPress 5.8
4.2.12
Fixed in WordPress 5.8
4.2.11
Fixed in WordPress 5.8
4.2.10
Fixed in WordPress 5.8
4.2.9
Fixed in WordPress 5.8
4.2.8
Fixed in WordPress 5.8
4.2.7
Fixed in WordPress 5.8
4.2.6
Fixed in WordPress 5.8
4.2.5
Fixed in WordPress 5.8
4.2.4
Fixed in WordPress 5.8
4.2.3
Fixed in WordPress 5.8
4.2.2
Fixed in WordPress 5.8
4.2.1
Fixed in WordPress 5.8
4.2
Fixed in WordPress 5.8
4.1.33
Fixed in WordPress 5.8
4.1.32
Fixed in WordPress 5.8
4.1.31
Fixed in WordPress 5.8
4.1.30
Fixed in WordPress 5.8
4.1.29
Fixed in WordPress 5.8
4.1.28
Fixed in WordPress 5.8
4.1.27
Fixed in WordPress 5.8
4.1.26
Fixed in WordPress 5.8
4.1.25
Fixed in WordPress 5.8
4.1.24
Fixed in WordPress 5.8
4.1.23
Fixed in WordPress 5.8
4.1.22
Fixed in WordPress 5.8
4.1.21
Fixed in WordPress 5.8
4.1.20
Fixed in WordPress 5.8
4.1.19
Fixed in WordPress 5.8
4.1.18
Fixed in WordPress 5.8
4.1.17
Fixed in WordPress 5.8
4.1.16
Fixed in WordPress 5.8
4.1.15
Fixed in WordPress 5.8
4.1.14
Fixed in WordPress 5.8
4.1.13
Fixed in WordPress 5.8
4.1.12
Fixed in WordPress 5.8
4.1.11
Fixed in WordPress 5.8
4.1.10
Fixed in WordPress 5.8
4.1.9
Fixed in WordPress 5.8
4.1.8
Fixed in WordPress 5.8
4.1.7
Fixed in WordPress 5.8
4.1.6
Fixed in WordPress 5.8
4.1.5
Fixed in WordPress 5.8
4.1.4
Fixed in WordPress 5.8
4.1.3
Fixed in WordPress 5.8
4.1.2
Fixed in WordPress 5.8
4.1.1
Fixed in WordPress 5.8
4.1
Fixed in WordPress 5.8
4.0.33
Fixed in WordPress 5.8
4.0.32
Fixed in WordPress 5.8
4.0.31
Fixed in WordPress 5.8
4.0.30
Fixed in WordPress 5.8
4.0.29
Fixed in WordPress 5.8
4.0.28
Fixed in WordPress 5.8
4.0.27
Fixed in WordPress 5.8
4.0.26
Fixed in WordPress 5.8
4.0.25
Fixed in WordPress 5.8
4.0.24
Fixed in WordPress 5.8
4.0.23
Fixed in WordPress 5.8
4.0.22
Fixed in WordPress 5.8
4.0.21
Fixed in WordPress 5.8
4.0.20
Fixed in WordPress 5.8
4.0.19
Fixed in WordPress 5.8
4.0.18
Fixed in WordPress 5.8
4.0.17
Fixed in WordPress 5.8
4.0.16
Fixed in WordPress 5.8
4.0.15
Fixed in WordPress 5.8
4.0.14
Fixed in WordPress 5.8
4.0.13
Fixed in WordPress 5.8
4.0.12
Fixed in WordPress 5.8
4.0.11
Fixed in WordPress 5.8
4.0.10
Fixed in WordPress 5.8
4.0.9
Fixed in WordPress 5.8
4.0.8
Fixed in WordPress 5.8
4.0.7
Fixed in WordPress 5.8
4.0.6
Fixed in WordPress 5.8
4.0.5
Fixed in WordPress 5.8
4.0.4
Fixed in WordPress 5.8
4.0.3
Fixed in WordPress 5.8
4.0.2
Fixed in WordPress 5.8
4.0.1
Fixed in WordPress 5.8
4.0
Fixed in WordPress 5.8
3.9.34
Fixed in WordPress 5.8
3.9.33
Fixed in WordPress 5.8
3.9.32
Fixed in WordPress 5.8
3.9.31
Fixed in WordPress 5.8
3.9.30
Fixed in WordPress 5.8
3.9.29
Fixed in WordPress 5.8
3.9.28
Fixed in WordPress 5.8
3.9.27
Fixed in WordPress 5.8
3.9.26
Fixed in WordPress 5.8
3.9.25
Fixed in WordPress 5.8
3.9.24
Fixed in WordPress 5.8
3.9.23
Fixed in WordPress 5.8
3.9.22
Fixed in WordPress 5.8
3.9.21
Fixed in WordPress 5.8
3.9.20
Fixed in WordPress 5.8
3.9.19
Fixed in WordPress 5.8
3.9.18
Fixed in WordPress 5.8
3.9.17
Fixed in WordPress 5.8
3.9.16
Fixed in WordPress 5.8
3.9.15
Fixed in WordPress 5.8
3.9.14
Fixed in WordPress 5.8
3.9.13
Fixed in WordPress 5.8
3.9.12
Fixed in WordPress 5.8
3.9.11
Fixed in WordPress 5.8
3.9.10
Fixed in WordPress 5.8
3.9.9
Fixed in WordPress 5.8
3.9.8
Fixed in WordPress 5.8
3.9.7
Fixed in WordPress 5.8
3.9.6
Fixed in WordPress 5.8
3.9.5
Fixed in WordPress 5.8
3.9.4
Fixed in WordPress 5.8
3.9.3
Fixed in WordPress 5.8
3.9.2
Fixed in WordPress 5.8
3.9.1
Fixed in WordPress 5.8
3.9
Fixed in WordPress 5.8
3.8.36
Fixed in WordPress 5.8
3.8.35
Fixed in WordPress 5.8
3.8.34
Fixed in WordPress 5.8
3.8.33
Fixed in WordPress 5.8
3.8.32
Fixed in WordPress 5.8
3.8.31
Fixed in WordPress 5.8
3.8.30
Fixed in WordPress 5.8
3.8.29
Fixed in WordPress 5.8
3.8.28
Fixed in WordPress 5.8
3.8.27
Fixed in WordPress 5.8
3.8.26
Fixed in WordPress 5.8
3.8.25
Fixed in WordPress 5.8
3.8.24
Fixed in WordPress 5.8
3.8.23
Fixed in WordPress 5.8
3.8.22
Fixed in WordPress 5.8
3.8.21
Fixed in WordPress 5.8
3.8.20
Fixed in WordPress 5.8
3.8.19
Fixed in WordPress 5.8
3.8.18
Fixed in WordPress 5.8
3.8.17
Fixed in WordPress 5.8
3.8.16
Fixed in WordPress 5.8
3.8.15
Fixed in WordPress 5.8
3.8.14
Fixed in WordPress 5.8
3.8.13
Fixed in WordPress 5.8
3.8.12
Fixed in WordPress 5.8
3.8.11
Fixed in WordPress 5.8
3.8.10
Fixed in WordPress 5.8
3.8.9
Fixed in WordPress 5.8
3.8.8
Fixed in WordPress 5.8
3.8.7
Fixed in WordPress 5.8
3.8.6
Fixed in WordPress 5.8
3.8.5
Fixed in WordPress 5.8
3.8.4
Fixed in WordPress 5.8
3.8.3
Fixed in WordPress 5.8
3.8.2
Fixed in WordPress 5.8
3.8.1
Fixed in WordPress 5.8
3.8
Fixed in WordPress 5.8
3.7.36
Fixed in WordPress 5.8
3.7.35
Fixed in WordPress 5.8
3.7.34
Fixed in WordPress 5.8
3.7.33
Fixed in WordPress 5.8
3.7.32
Fixed in WordPress 5.8
3.7.31
Fixed in WordPress 5.8
3.7.30
Fixed in WordPress 5.8
3.7.29
Fixed in WordPress 5.8
3.7.28
Fixed in WordPress 5.8
3.7.27
Fixed in WordPress 5.8
3.7.26
Fixed in WordPress 5.8
3.7.25
Fixed in WordPress 5.8
3.7.24
Fixed in WordPress 5.8
3.7.23
Fixed in WordPress 5.8
3.7.22
Fixed in WordPress 5.8
3.7.21
Fixed in WordPress 5.8
3.7.20
Fixed in WordPress 5.8
3.7.19
Fixed in WordPress 5.8
3.7.18
Fixed in WordPress 5.8
3.7.17
Fixed in WordPress 5.8
3.7.16
Fixed in WordPress 5.8
3.7.15
Fixed in WordPress 5.8
3.7.14
Fixed in WordPress 5.8
3.7.13
Fixed in WordPress 5.8
3.7.12
Fixed in WordPress 5.8
3.7.11
Fixed in WordPress 5.8
3.7.10
Fixed in WordPress 5.8
3.7.9
Fixed in WordPress 5.8
3.7.8
Fixed in WordPress 5.8
3.7.7
Fixed in WordPress 5.8
3.7.6
Fixed in WordPress 5.8
3.7.5
Fixed in WordPress 5.8
3.7.4
Fixed in WordPress 5.8
3.7.3
Fixed in WordPress 5.8
3.7.2
Fixed in WordPress 5.8
3.7.1
Fixed in WordPress 5.8
3.7
Fixed in WordPress 5.8
5.4.8
Fixed in WordPress 5.8
5.4.7
Fixed in WordPress 5.8
5.4.6
Fixed in WordPress 5.8
5.4.5
Fixed in WordPress 5.8
5.4.4
Fixed in WordPress 5.8
5.4.3
Fixed in WordPress 5.8
5.4.2
Fixed in WordPress 5.8
5.4.1
Fixed in WordPress 5.8
5.4
Fixed in WordPress 5.8
4.9.18
Fixed in WordPress 5.8
4.9.17
Fixed in WordPress 5.8
4.9.16
Fixed in WordPress 5.8
4.9.15
Fixed in WordPress 5.8
4.9.14
Fixed in WordPress 5.8
4.9.13
Fixed in WordPress 5.8
4.9.12
Fixed in WordPress 5.8
4.9.11
Fixed in WordPress 5.8
4.9.10
Fixed in WordPress 5.8
4.9.9
Fixed in WordPress 5.8
4.9.8
Fixed in WordPress 5.8
4.9.7
Fixed in WordPress 5.8
4.9.6
Fixed in WordPress 5.8
4.9.5
Fixed in WordPress 5.8
4.9.4
Fixed in WordPress 5.8
4.9.3
Fixed in WordPress 5.8
4.9.2
Fixed in WordPress 5.8
4.9.1
Fixed in WordPress 5.8
4.9
Fixed in WordPress 5.8

References

CVE
CVE-2021-44223
URL
https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/

Miscellaneous

Original Researcher
Kamil Vavra
Verified
No
WPVDB ID
95e01006-84e4-4e95-b5d7-68ea7b5aa1a8

Timeline

Publicly Published
2021-11-25 (about 4 years ago)
Added
2021-11-25 (about 4 years ago)
Last Updated
2022-04-10 (about 3 years ago)

Other

Published
Title
Published
2024-12-18
Title
Download manager < 3.3.04 - Unauthenticated Download of Password-Protected Files
Published
2014-08-01
Title
Frontier Post - Publishing Posts Security Bypass
Published
2014-08-01
Title
RokBox <= 2.13 - rokbox.php Direct Request Path Disclosure
Published
2018-04-03
Title
WordPress 3.7-4.9.4 - Remove localhost Default
Published
2014-12-02
Title
Ninja Forms <= 2.8.9 - Unspecified Issue Affecting Admin Users