Lucene search

K
nvd[email protected]NVD:CVE-2022-43500
HistoryDec 05, 2022 - 4:15 a.m.

CVE-2022-43500

2022-12-0504:15:10
CWE-79
web.nvd.nist.gov
wordpress
cross-site scripting
vulnerability
remote attacker
arbitrary script
patched release

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

57.2%

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.

Affected configurations

NVD
Node
wordpresswordpressRange<3.7.40
OR
wordpresswordpressRange3.83.8.40
OR
wordpresswordpressRange3.93.9.39
OR
wordpresswordpressRange4.04.0.37
OR
wordpresswordpressRange4.14.1.37
OR
wordpresswordpressRange4.24.2.34
OR
wordpresswordpressRange4.34.3.30
OR
wordpresswordpressRange4.44.4.29
OR
wordpresswordpressRange4.54.5.28
OR
wordpresswordpressRange4.64.6.25
OR
wordpresswordpressRange4.74.7.25
OR
wordpresswordpressRange4.84.8.21
OR
wordpresswordpressRange4.94.9.22
OR
wordpresswordpressRange5.05.0.18
OR
wordpresswordpressRange5.15.1.15
OR
wordpresswordpressRange5.25.2.17
OR
wordpresswordpressRange5.35.3.14
OR
wordpresswordpressRange5.45.4.12
OR
wordpresswordpressRange5.55.5.11
OR
wordpresswordpressRange5.65.6.10
OR
wordpresswordpressRange5.75.7.8
OR
wordpresswordpressRange5.85.8.6
OR
wordpresswordpressRange5.95.9.5
OR
wordpresswordpressRange6.06.0.3

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

57.2%