Input validation vulnerability in WordPress 3.6.1

WordPress Core, the underlying software of the popular website building platform, contains a vulnerability that could allow malicious web scripts to be executed when someone views a comment. The vulnerability is a stored cross-site scripting (XSS) issue, and it exists in versions of WordPress Core up to 6.0.3. It can be exploited when someone edits a comment, because the values stored during this process are not sufficiently escaped or sanitized. This means that an authenticated user with high-level permissions, such as an editor, can modify the comments on a post in a way that could include malicious web scripts.

Detected in:

WordPress fixed vulnerable versions: >= * <= 3.6.1

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

The version comparison shows which versions have a vulnerability. For example, >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
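
The range notation above, as an added Python example (not code from this page or from the wpvulnerability.com project): it checks an installed version against a range string, comparing components numerically so that 2.2.9 sorts below 2.2.21. Reading `*` as "no bound on this side" and accepting only purely numeric dotted versions are assumptions of the example.

```python
import re
from itertools import zip_longest

# Each operator maps to a test on compare(installed, bound), which is -1, 0 or 1.
_OPS = {
    ">=": lambda c: c >= 0,
    ">": lambda c: c > 0,
    "<=": lambda c: c <= 0,
    "<": lambda c: c < 0,
}
_TOKEN = re.compile(r"(>=|<=|>|<)\s*(\*|\d+(?:\.\d+)*)")


def parse_version(text):
    """Turn '3.6.1' into (3, 6, 1). Assumption: purely numeric dotted versions."""
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def compare(a, b):
    """Compare version tuples, padding the shorter with zeros (3.6 == 3.6.0)."""
    for x, y in zip_longest(a, b, fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0


def parse_range(expr):
    """Split '>= 2.2.8 <= 2.2.21' into [(op, bound), ...]; '*' bounds are dropped."""
    tokens = _TOKEN.findall(expr)
    leftover = _TOKEN.sub("", expr).strip()
    if not tokens or leftover:
        raise ValueError(f"cannot parse range: {expr!r}")
    # '*' is read as "no bound on this side" (assumption of this example).
    return [(op, parse_version(bound)) for op, bound in tokens if bound != "*"]


def is_affected(installed, expr):
    """True if the installed version satisfies every constraint in the range."""
    version = parse_version(installed)
    return all(_OPS[op](compare(version, bound)) for op, bound in parse_range(expr))


if __name__ == "__main__":
    for v in ("2.2.7", "2.2.8", "2.2.9", "2.2.21", "2.2.22"):
        print(v, is_affected(v, ">= 2.2.8 <= 2.2.21"))
```

Unparseable input raises `ValueError` rather than returning a result, so a malformed range or version is never silently reported as unaffected.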
