What is the vulnerability ID for this cross-site scripting vulnerability in WordPress?

The vulnerability ID is CVE-2022-43497.

What is the severity of CVE-2022-43497?

The severity of CVE-2022-43497 is medium.

What is the affected software for CVE-2022-43497?

The affected software is WordPress versions prior to 6.0.3.

How can a remote unauthenticated attacker exploit CVE-2022-43497?

A remote unauthenticated attacker can exploit CVE-2022-43497 by injecting an arbitrary script.

How can CVE-2022-43497 be fixed?

CVE-2022-43497 can be fixed by upgrading WordPress to version 6.0.3 or applying the provided patched releases for all versions since 3.7.

Vulnerability/
CVE-2022-43497

medium

6.1

CWE

5/12/2022

3/2/2023

CVE-2022-43497: XSS

First published: Mon Dec 05 2022(Updated: )

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.

Credit: vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
WordPress WordPress	<3.7.40
WordPress WordPress	>=3.8<3.8.40
WordPress WordPress	>=3.9<3.9.39
WordPress WordPress	>=4.0<4.0.37
WordPress WordPress	>=4.1<4.1.37
WordPress WordPress	>=4.2<4.2.34
WordPress WordPress	>=4.3<4.3.30
WordPress WordPress	>=4.4<4.4.29
WordPress WordPress	>=4.5<4.5.28
WordPress WordPress	>=4.6<4.6.25
WordPress WordPress	>=4.7<4.7.25
WordPress WordPress	>=4.8<4.8.21
WordPress WordPress	>=4.9<4.9.22
WordPress WordPress	>=5.0<5.0.18
WordPress WordPress	>=5.1<5.1.15
WordPress WordPress	>=5.2<5.2.17
WordPress WordPress	>=5.3<5.3.14
WordPress WordPress	>=5.4<5.4.12
WordPress WordPress	>=5.5<5.5.11
WordPress WordPress	>=5.6<5.6.10
WordPress WordPress	>=5.7<5.7.8
WordPress WordPress	>=5.8<5.8.6
WordPress WordPress	>=5.9<5.9.5
WordPress WordPress	>=6.0<6.0.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this cross-site scripting vulnerability in WordPress?
The vulnerability ID is CVE-2022-43497.
What is the severity of CVE-2022-43497?
The severity of CVE-2022-43497 is medium.
What is the affected software for CVE-2022-43497?
The affected software is WordPress versions prior to 6.0.3.
How can a remote unauthenticated attacker exploit CVE-2022-43497?
A remote unauthenticated attacker can exploit CVE-2022-43497 by injecting an arbitrary script.
How can CVE-2022-43497 be fixed?
CVE-2022-43497 can be fixed by upgrading WordPress to version 6.0.3 or applying the provided patched releases for all versions since 3.7.

agent/weakness
agent/severity
agent/author
agent/references
agent/description
agent/type
agent/event
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/wordpress
canonical/wordpress wordpress
version/wordpress wordpress/3.8
version/wordpress wordpress/3.9
version/wordpress wordpress/4.0
version/wordpress wordpress/4.1
version/wordpress wordpress/4.2
version/wordpress wordpress/4.3
version/wordpress wordpress/4.4
version/wordpress wordpress/4.5
version/wordpress wordpress/4.6
version/wordpress wordpress/4.7
version/wordpress wordpress/4.8
version/wordpress wordpress/4.9
version/wordpress wordpress/5.0
version/wordpress wordpress/5.1
version/wordpress wordpress/5.2
version/wordpress wordpress/5.3
version/wordpress wordpress/5.4
version/wordpress wordpress/5.5
version/wordpress wordpress/5.6
version/wordpress wordpress/5.7
version/wordpress wordpress/5.8
version/wordpress wordpress/5.9
version/wordpress wordpress/6.0