First published: Mon Dec 05 2022
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress | <3.7.40 | |
WordPress | >=3.8 <3.8.40 | |
WordPress | >=3.9 <3.9.39 | |
WordPress | >=4.0 <4.0.37 | |
WordPress | >=4.1 <4.1.37 | |
WordPress | >=4.2 <4.2.34 | |
WordPress | >=4.3 <4.3.30 | |
WordPress | >=4.4 <4.4.29 | |
WordPress | >=4.5 <4.5.28 | |
WordPress | >=4.6 <4.6.25 | |
WordPress | >=4.7 <4.7.25 | |
WordPress | >=4.8 <4.8.21 | |
WordPress | >=4.9 <4.9.22 | |
WordPress | >=5.0 <5.0.18 | |
WordPress | >=5.1 <5.1.15 | |
WordPress | >=5.2 <5.2.17 | |
WordPress | >=5.3 <5.3.14 | |
WordPress | >=5.4 <5.4.12 | |
WordPress | >=5.5 <5.5.11 | |
WordPress | >=5.6 <5.6.10 | |
WordPress | >=5.7 <5.7.8 | |
WordPress | >=5.8 <5.8.6 | |
WordPress | >=5.9 <5.9.5 | |
WordPress | >=6.0 <6.0.3 | |
The vulnerability ID is CVE-2022-43497.
The severity of CVE-2022-43497 is medium.
The affected software is WordPress versions prior to 6.0.3.
A remote unauthenticated attacker can exploit CVE-2022-43497 by injecting an arbitrary script.
CVE-2022-43497 can be fixed by upgrading WordPress to version 6.0.3 or applying the provided patched releases for all versions since 3.7.