CVE-2022-43500

State: PUBLISHED · Published: 2022-12-05 · Updated: 2025-04-24 · Assigner: jpcert

Description

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected

WordPress.org / WordPress — v=versions prior to 6.0.3 [affected]

CVSS

(none)

References

https://wordpress.org/download/
https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
https://jvn.jp/en/jp/JVN09409909/index.html

Source

cvelistV5-main/cves/2022/43xxx/CVE-2022-43500.json