CVE-2023-38000

🗓️ 13 Oct 2023 09:55:54Reported by PatchstackType

CVE-2023-38000 XSS vulnerability in WordPress core and Gutenberg plugin versions

Reporter	Title	Published	Views	Family All 30
Circl	CVE-2023-38000	13 Oct 202314:28	–	circl
CNNVD	WordPress Cross-Site Scripting Vulnerability	13 Oct 202300:00	–	cnnvd
Cvelist	CVE-2023-38000 Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block	13 Oct 202309:55	–	cvelist
Debian	[SECURITY] [DSA 5685-1] wordpress security update	8 May 202421:49	–	debian
Debian CVE	CVE-2023-38000	13 Oct 202309:55	–	debiancve
Tenable Nessus	Debian dsa-5685 : wordpress - security update	9 May 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2023-38000	21 Aug 202500:00	–	nessus
Tenable Nessus	WordPress 6.0 < 6.3.2 Multiple Vulnerabilities	12 Oct 202300:00	–	nessus
EUVD	EUVD-2023-41827	3 Oct 202520:07	–	euvd
NVD	CVE-2023-38000	13 Oct 202310:15	–	nvd

NVD

Vulners

Node

wordpress wordpressRange5.9–5.9.7

wordpress wordpressRange6.0–6.0.5

wordpress wordpressRange6.1–6.1.3

wordpress wordpressRange6.2–6.2.2

wordpress wordpressRange6.3–6.3.1

Node

wordpress gutenbergRange≤16.8.0wordpress

[
  {
    "defaultStatus": "unaffected",
    "product": "WordPress",
    "vendor": "WordPress.org",
    "versions": [
      {
        "changes": [
          {
            "at": "6.3.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.3.1",
        "status": "affected",
        "version": "6.3",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "6.2.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.2.2",
        "status": "affected",
        "version": "6.2",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "6.1.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.1.3",
        "status": "affected",
        "version": "6.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "6.0.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.0.5",
        "status": "affected",
        "version": "6.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "5.9.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.9.7",
        "status": "affected",
        "version": "5.9",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "gutenberg",
    "product": "Gutenberg",
    "vendor": "Gutenberg Team",
    "versions": [
      {
        "changes": [
          {
            "at": "16.8.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "16.8.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-contributor-stored-xss-in-navigation-links-block-vulnerability
patchstack	www.patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory
patchstack	www.patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-16-8-0-contributor-stored-xss-in-navigation-links-block-vulnerability

28 Apr 2026 16:08Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.15.4 - 6.5

EPSS0.00347

CWE-79