← back
CVE-2023-38000

Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block

CVSS 6.5 MEDIUMEPSS 0.8%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 Oct 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Affected products
Gutenberg Team · GutenbergWordPress.org · WordPress

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cvehttps://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-16-8-0-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cvehttps://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve