WordPress Core has a security issue where user display names can be used to inject harmful scripts into pages. This can be done by both authenticated attackers with certain levels of access and unauthenticated attackers. The scripts will then be executed whenever a user accesses the affected page. This vulnerability exists in versions up to 6.5.2.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
