Lucene search

JpcertCVE-2022-43500

HistoryDec 05, 2022 - 4:15 a.m.

CVE-2022-43500

2022-12-0504:15:10

CWE-79

jpcert

web.nvd.nist.gov

114

cve

2022

43500

cross-site scripting

wordpress

vulnerability

nvd

patched

release

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

57.2%

JSON

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.

Affected configurations

Nvd

Vulners

Node

wordpresswordpressRange<3.7.40

wordpresswordpressRange3.8–3.8.40

wordpresswordpressRange3.9–3.9.39

wordpresswordpressRange4.0–4.0.37

wordpresswordpressRange4.1–4.1.37

wordpresswordpressRange4.2–4.2.34

wordpresswordpressRange4.3–4.3.30

wordpresswordpressRange4.4–4.4.29

wordpresswordpressRange4.5–4.5.28

wordpresswordpressRange4.6–4.6.25

wordpresswordpressRange4.7–4.7.25

wordpresswordpressRange4.8–4.8.21

wordpresswordpressRange4.9–4.9.22

wordpresswordpressRange5.0–5.0.18

wordpresswordpressRange5.1–5.1.15

wordpresswordpressRange5.2–5.2.17

wordpresswordpressRange5.3–5.3.14

wordpresswordpressRange5.4–5.4.12

wordpresswordpressRange5.5–5.5.11

wordpresswordpressRange5.6–5.6.10

wordpresswordpressRange5.7–5.7.8

wordpresswordpressRange5.8–5.8.6

wordpresswordpressRange5.9–5.9.5

wordpresswordpressRange6.0–6.0.3

VendorProductVersionCPE
wordpresswordpress*cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wordpress	wordpress	*	cpe:2.3:a:wordpress:wordpress::::::::

CNA Affected

[
  {
    "vendor": "WordPress.org",
    "product": "WordPress",
    "versions": [
      {
        "version": "versions prior to 6.0.3",
        "status": "affected"
      }
    ]
  }
]