← Zuruck zu CVEs

CVE-2022-4973

MEDIUM

4.9

Beschreibung

WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.

CVE Details

CVSS v3.1 Bewertung4.9

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

AngriffsvektorNETWORK

KomplexitatHIGH

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht10/16/2024

Zuletzt geandert10/30/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

wordpress:wordpress

Schwachen (CWE)

CWE-79

Referenzen

https://core.trac.wordpress.org/changeset/53961(security@wordfence.com)

https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/(security@wordfence.com)

https://www.wordfence.com/blog/2022/08/wordpress-core-6-0-2-security-maintenance-release-what-you-need-to-know/(security@wordfence.com)

https://www.wordfence.com/threat-intel/vulnerabilities/id/b5582e89-83e6-4898-b9fe-09eddeb5f7ae?source=cve(security@wordfence.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.