Veracode Vulnerability DatabaseVERACODE:44142Cross-Site Scripting (XSS)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
45.0%
wordpress is vulnerable to Cross-Site Scripting (XSS). An authenticated attacker could exploit this vulnerability to inject malicious code into the WordPress dashboard, which could then be executed by other users of the WordPress website.
References
patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve
patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-16-8-0-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve
patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve
security-tracker.debian.org/tracker/CVE-2023-38000
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
45.0%