Headline
CVE-2023-38000: WordPress core < 6.3.2 - Contributor+ Stored XSS in Navigation Links Block vulnerability - Patchstack
Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.
Solution
Fixed
Update the WordPress WordPress wordpress to the latest available version (at least 6.3.2).
Found this useful? Thank Rafie Muhammad (Patchstack) for reporting this vulnerability. Buy a coffee ☕
Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 6.3.2.
Other vulnerabilities in this WordPress core
1 present
287 patched
View all
WordPress plugin developer?
Start a free security program for your WordPress plugins or request an audit.
Apply for MVDP
Security researcher?
Report to Patchstack Alliance bounty platform and earn monthly cash prizes.
Learn more
Related news
Debian Linux Security Advisory 5685-1 - Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack.