BIT-WORDPRESS-MULTISITE-2022-4973 WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function

WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into...

Cross-site Scripting (XSS)

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the themeta function due to improper input sanitization. An attacker with access to the WordPress post and page editor can...

CVE-2022-4973

WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into...

UBUNTU-CVE-2022-4973

WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into...

CVE-2022-4973

CVE-2022-4973 affects WordPress Core

PT-2024-11910 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress Core versions up to 6.0.2 Description: The issue allows users with access to the WordPress post and page editor, typically Authors, Contributors, and Editors, to inject arbitrary web scripts into posts and pages. These scripts execu...