← Voltar para CVEs

CVE-2022-4973

MEDIUM

4.9

Descricao

WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.

Detalhes CVE

Pontuacao CVSS v3.14.9

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Vetor de ataqueNETWORK

ComplexidadeHIGH

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado10/16/2024

Ultima modificacao10/30/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

wordpress:wordpress

Fraquezas (CWE)

CWE-79

Referencias

https://core.trac.wordpress.org/changeset/53961(security@wordfence.com)

https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/(security@wordfence.com)

https://www.wordfence.com/blog/2022/08/wordpress-core-6-0-2-security-maintenance-release-what-you-need-to-know/(security@wordfence.com)

https://www.wordfence.com/threat-intel/vulnerabilities/id/b5582e89-83e6-4898-b9fe-09eddeb5f7ae?source=cve(security@wordfence.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.