Log out
Get PRO

Latest

Input validation vulnerability in WordPress 3.6.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: October 18, 2022

WordPress Core and the Gutenberg plugin for WordPress have a security vulnerability that could allow malicious web scripts to be injected onto webpages. This vulnerability affects versions of WordPress Core up to 6.0.3 and the Gutenberg plugin for WordPress up to 14.3.1. The vulnerability is caused by not properly securing user input which could make it possible for authenticated users with access to the block editor to inject malicious web scripts. The RSS widget, Search Block, Featured Image Block, RSS Block, and Navigation Block are all affected.

Detected in:

Gutenberg fixed vulnerable versions: >= * <= 14.3.0
WordPress fixed vulnerable versions: >= * <= 3.6.1

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.