Support » Fixing WordPress » CVE-2021-44228 – log4j – wordpress affected or newspaper?

  • Hi.

    Regarding new explot with 10/10 severity. If you track that, then you know probably about details how that works. My questiion is more – what standard elements of wordpress or themes are affected. i’m trying to find out that, but it is hard.

    As you can see, and read for example on https://blog.cloudflare.com/actual-cve-2021-44228-payloads-captured-in-the-wild/

    payloads are quite nice and simple wordfence IP blocking won’t work here.
    So.

    Anyone can confirm/deny if wordpress (lattest) with newspapaer is affected or not?

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Yui

    (@fierevere)

    ゆい

    WordPress is not using any Java components (dont confuse with JavaScript! It is different)

    this vulnerability is not applicable

    PS: Plugins & themes are also safe.

    Thread Starter lin2121

    (@lin2121)

    While it is using javascript, I’m asking also if anyone is aware of any plugin that can use that, as then attract vector may come from plugin side/webapp.

    Thanks for clarification.

    Moderator Yui

    (@fierevere)

    ゆい

    Java is NOT JavaScript, it is completely different programming languages.

    Also log4j is server-side Java component. WordPress is using ONLY PHP at server side.

    Same for themes and plugins.

    Moderator Steve Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Rep

    And just a note that these forums are not for discussing attack vectors and vulns.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.