BIT-wordpress-2022-4973

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/wordpress/BIT-wordpress-2022-4973.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-wordpress-2022-4973

Aliases

Published

2024-10-18T07:22:50.306Z

Modified

2024-10-31T07:36:12.253Z

Summary

[none]

Details

WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.

Database specific

{
    "cpes": [
        "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / wordpress

Package

Name: wordpress
Purl: pkg:bitnami/wordpress

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.2

Introduced

3.7.0

Fixed

3.7.39

Introduced

3.8.0

Fixed

3.8.39

Introduced

3.9.0

Fixed

3.9.37

Introduced

4.0.0

Fixed

4.0.36

Introduced

4.1.0

Fixed

4.1.36

Introduced

4.2.0

Fixed

4.2.33

Introduced

4.3.0

Fixed

4.3.29

Introduced

4.4.0

Fixed

4.4.28

Introduced

4.5.0

Fixed

4.5.27

Introduced

4.6.0

Fixed

4.6.24

Introduced

4.7.0

Fixed

4.7.24

Introduced

4.8.0

Fixed

4.8.20

Introduced

4.9.0

Fixed

4.9.21

Introduced

5.0.0

Fixed

5.0.17

Introduced

5.1.0

Fixed

5.1.14

Introduced

5.2.0

Fixed

5.2.16

Introduced

5.3.0

Fixed

5.3.13

Introduced

5.4.0

Fixed

5.4.11

Introduced

5.5.0

Fixed

5.5.10

Introduced

5.6.0

Fixed

5.6.9

Introduced

5.7.0

Fixed

5.7.7

Introduced

5.8.0

Fixed

5.8.5

Introduced

5.9.0

Fixed

5.9.4

Introduced

6.0.0

Fixed

6.0.2