WordPress < 5.4.2 - Authenticated XSS in Block Editor

2020-06-1000:00:00

wpscan.com

Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.

CPENameOperatorVersion
wordpresseq5.4.1
wordpresslt5.4.2
wordpresseq5.4
wordpresslt5.4.2
wordpresseq5.3.3
wordpresslt5.3.4
wordpresseq5.3.2
wordpresslt5.3.4
wordpresseq5.3.1
wordpresslt5.3.4

Name	Operator	Version
wordpress	eq	5.4.1
wordpress	lt	5.4.2
wordpress	eq	5.4
wordpress	lt	5.4.2
wordpress	eq	5.3.3
wordpress	lt	5.3.4
wordpress	eq	5.3.2
wordpress	lt	5.3.4
wordpress	eq	5.3.1
wordpress	lt	5.3.4