CVE-2022-43500: XSS
First published: Mon Dec 05 2022(Updated: )
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress WordPress | <3.7.40 | |
| WordPress WordPress | >=3.8<3.8.40 | |
| WordPress WordPress | >=3.9<3.9.39 | |
| WordPress WordPress | >=4.0<4.0.37 | |
| WordPress WordPress | >=4.1<4.1.37 | |
| WordPress WordPress | >=4.2<4.2.34 | |
| WordPress WordPress | >=4.3<4.3.30 | |
| WordPress WordPress | >=4.4<4.4.29 | |
| WordPress WordPress | >=4.5<4.5.28 | |
| WordPress WordPress | >=4.6<4.6.25 | |
| WordPress WordPress | >=4.7<4.7.25 | |
| WordPress WordPress | >=4.8<4.8.21 | |
| WordPress WordPress | >=4.9<4.9.22 | |
| WordPress WordPress | >=5.0<5.0.18 | |
| WordPress WordPress | >=5.1<5.1.15 | |
| WordPress WordPress | >=5.2<5.2.17 | |
| WordPress WordPress | >=5.3<5.3.14 | |
| WordPress WordPress | >=5.4<5.4.12 | |
| WordPress WordPress | >=5.5<5.5.11 | |
| WordPress WordPress | >=5.6<5.6.10 | |
| WordPress WordPress | >=5.7<5.7.8 | |
| WordPress WordPress | >=5.8<5.8.6 | |
| WordPress WordPress | >=5.9<5.9.5 | |
| WordPress WordPress | >=6.0<6.0.3 | |
| <3.7.40 | ||
| >=3.8<3.8.40 | ||
| >=3.9<3.9.39 | ||
| >=4.0<4.0.37 | ||
| >=4.1<4.1.37 | ||
| >=4.2<4.2.34 | ||
| >=4.3<4.3.30 | ||
| >=4.4<4.4.29 | ||
| >=4.5<4.5.28 | ||
| >=4.6<4.6.25 | ||
| >=4.7<4.7.25 | ||
| >=4.8<4.8.21 | ||
| >=4.9<4.9.22 | ||
| >=5.0<5.0.18 | ||
| >=5.1<5.1.15 | ||
| >=5.2<5.2.17 | ||
| >=5.3<5.3.14 | ||
| >=5.4<5.4.12 | ||
| >=5.5<5.5.11 | ||
| >=5.6<5.6.10 | ||
| >=5.7<5.7.8 | ||
| >=5.8<5.8.6 | ||
| >=5.9<5.9.5 | ||
| >=6.0<6.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability identifier for this WordPress vulnerability?
The vulnerability identifier for this WordPress vulnerability is CVE-2022-43500.
What is the severity of CVE-2022-43500?
The severity of CVE-2022-43500 is medium.
How does CVE-2022-43500 affect WordPress?
CVE-2022-43500 is a cross-site scripting vulnerability that affects WordPress versions prior to 6.0.3.
How can an attacker exploit CVE-2022-43500?
An attacker can exploit CVE-2022-43500 by injecting arbitrary scripts into a vulnerable WordPress website.
How can I fix CVE-2022-43500?
To fix CVE-2022-43500, update your WordPress installation to version 6.0.3 or later.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/wordpress
- canonical/wordpress wordpress
- version/wordpress wordpress/3.8
- version/wordpress wordpress/3.9
- version/wordpress wordpress/4.0
- version/wordpress wordpress/4.1
- version/wordpress wordpress/4.2
- version/wordpress wordpress/4.3
- version/wordpress wordpress/4.4
- version/wordpress wordpress/4.5
- version/wordpress wordpress/4.6
- version/wordpress wordpress/4.7
- version/wordpress wordpress/4.8
- version/wordpress wordpress/4.9
- version/wordpress wordpress/5.0
- version/wordpress wordpress/5.1
- version/wordpress wordpress/5.2
- version/wordpress wordpress/5.3
- version/wordpress wordpress/5.4
- version/wordpress wordpress/5.5
- version/wordpress wordpress/5.6
- version/wordpress wordpress/5.7
- version/wordpress wordpress/5.8
- version/wordpress wordpress/5.9
- version/wordpress wordpress/6.0