14 matches found
WordPress Core <6.5.2 - Cross-Site Scripting
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. id: CVE-2024-4439 info: name: WordPress Core 6.5.2 - Cross-Site Scripting author: nqdung2002 severity: hi...
BIT-WORDPRESS-2024-4439
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
CVE-2024-4439
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
CVE-2024-4439
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
CVE-2024-4439
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
CVE-2024-4439
WordPress Core prior to 6.5.2 is affected by CVE-2024-4439: a stored XSS in user display names used in the Avatar block, due to insufficient output escaping. The issue allows authenticated attackers with contributor-level access and above to inject scripts, and can also affect unauthenticated use...
WordPress Cross-Site Scripting Vulnerability
WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Core 6.5.2 and earlier versions, which stems from insufficient...
Fedora 38 : wordpress (2024-0a2f144348)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0a2f144348 advisory. WordPress 6.4.4 Security Release Security updates included in this release A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported...
FreeBSD : wordpress -- XSS (ea4a2dfc-f761-11ee-af2c-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ea4a2dfc-f761-11ee-af2c-589cfc0f81b0 advisory. - The WordPress team reports: A cross-site scripting (XSS) vulnerability affecting the Avatar block type...
Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WordPress Core
WordPress 6.5.2 was released yesterday, on April 9, 2024. It included a single security patch, along with a handful of bug fixes. The security patch was for a Stored Cross-Site Scripting vulnerability that could be exploited by both unauthenticated users, when a comment block is present on a page...
WordPress Gutenberg plugin 12.9.0-18.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block vulnerability discovered by John Blackbourn in WordPress Plugin Gutenberg versions 12.9.0-18.0.0...
WordPress Core <= 6.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Via Avatar Block vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting Via Avatar Block vulnerability discovered by John Blackbourn in WordPress core versions <= 6.5.0...
PT-2024-3429
Name of the Vulnerable Software and Affected Versions: WordPress Core versions 6.0 through 6.0.7 WordPress Core versions 6.1 through 6.1.5 WordPress Core versions 6.2 through 6.2.4 WordPress Core versions 6.3 through 6.3.3 WordPress Core versions 6.4 through 6.4.3 WordPress Core versions 6.5...
wordpress -- XSS
The WordPress team reports: A cross-site scripting (XSS) vulnerability affecting the Avatar block type...