Support » Fixing WordPress » CVE-2021-44228 – log4j – wordpress affected or newspaper?

  • Hi.

    Regarding new explot with 10/10 severity. If you track that, then you know probably about details how that works. My questiion is more – what standard elements of wordpress or themes are affected. i’m trying to find out that, but it is hard.

    As you can see, and read for example on

    payloads are quite nice and simple wordfence IP blocking won’t work here.

    Anyone can confirm/deny if wordpress (lattest) with newspapaer is affected or not?


Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Yui



    WordPress is not using any Java components (dont confuse with JavaScript! It is different)

    this vulnerability is not applicable

    PS: Plugins & themes are also safe.

    Thread Starter lin2121


    While it is using javascript, I’m asking also if anyone is aware of any plugin that can use that, as then attract vector may come from plugin side/webapp.

    Thanks for clarification.

    Moderator Yui



    Java is NOT JavaScript, it is completely different programming languages.

    Also log4j is server-side Java component. WordPress is using ONLY PHP at server side.

    Same for themes and plugins.

    Moderator Steve Stern (sterndata)


    Forum Moderator & Support Team Rep

    And just a note that these forums are not for discussing attack vectors and vulns.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.