CVE-2022-43500 — Cross-site Scripting in Wordpress

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

1.0%

top 22.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Wordpress.org Wordpress

Timeline

PublishedDec 5

Description

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDwordpress/wordpress3.8 — 3.8.40+23

▶Debianwordpress/wordpress< 5.7.8+dfsg1-0+deb11u1+3

▶CVEListV5wordpress.org/wordpressversions prior to 6.0.3

Patches

Patch: wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

OSV

CVE-2022-43500: Cross-site scripting vulnerability in WordPress versions prior to 6↗2022-12-05

▶

GHSA

GHSA-hm6q-fjph-v26v: Cross-site scripting vulnerability in WordPress versions prior to 6↗2022-12-05

▶

CVEList

CVE-2022-43500: Cross-site scripting vulnerability in WordPress versions prior to 6↗2022-12-05

▶

📋Vendor Advisories

Debian

CVE-2022-43500: wordpress - Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a...↗2022

▶