WordPress Core 6.0.2 Authenticated Stored XSS via the_meta()
CVE-2022-4973 Published on October 16, 2024
WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically Authors, Contributors, and Editors. This makes it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.
Weakness Type
What is an XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2022-4973 has been classified as an XSS vulnerability or weakness.
Affected Versions
WordPress Foundation WordPress:
- Version *, <= 3.6.1 is affected.
- Version 3.7, <= 3.7.38 is affected.
- Version 3.8, <= 3.8.38 is affected.
- Version 3.9, <= 3.9.36 is affected.
- Version 4.0, <= 4.0.35 is affected.
- Version 4.1, <= 4.1.35 is affected.
- Version 4.2, <= 4.2.32 is affected.
- Version 4.3, <= 4.3.28 is affected.
- Version 4.4, <= 4.4.27 is affected.
- Version 4.5, <= 4.5.26 is affected.
- Version 4.6, <= 4.6.23 is affected.
- Version 4.7, <= 4.7.23 is affected.
- Version 4.8, <= 4.8.19 is affected.
- Version 4.9, <= 4.9.20 is affected.
- Version 5.0, <= 5.0.16 is affected.
- Version 5.1, <= 5.1.13 is affected.
- Version 5.2, <= 5.2.15 is affected.
- Version 5.3, <= 5.3.12 is affected.
- Version 5.4, <= 5.4.10 is affected.
- Version 5.5, <= 5.5.9 is affected.
- Version 5.6, <= 5.6.8 is affected.
- Version 5.7, <= 5.7.6 is affected.
- Version 5.8, <= 5.8.4 is affected.
- Version 5.9, <= 5.9.3 is affected.
- Version 6.0, <= 6.0.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.