Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-4973

WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.

Published

2024-10-16T07:15:12.497

Last Modified

2024-10-30T15:58:30.907

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	wordpress	wordpress	≤ 6.0.2	Yes

References

https://core.trac.wordpress.org/changeset/53961 Patch ([email protected])
https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/ Release Notes ([email protected])
https://www.wordfence.com/blog/2022/08/wordpress-core-6-0-2-security-maintenance-release-what-you-need-to-know/ Third Party Advisory ([email protected])
https://www.wordfence.com/threat-intel/vulnerabilities/id/b5582e89-83e6-4898-b9fe-09eddeb5f7ae?source=cve Third Party Advisory ([email protected])