CVE-2022-43497

CVSS V2 None CVSS V3 None

Description

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.

Overview

CVE ID
CVE-2022-43497

Assigner
vultures@jpcert.or.jp

Vulnerability Status
Analyzed

Published Version
2022-12-05T04:15:10

Last Modified Date
2023-02-03T16:58:19

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:wordpress:wordpress::::::::	1	OR		6.0.3

References

Reference URL	Reference Tags
https://jvn.jp/en/jp/JVN09409909/index.html	Third Party Advisory
https://wordpress.org/download/	Product
https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/	Product Release Notes Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-43497
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43497

History

Created	Old Value	New Value	Data Type	Notes
2022-12-07 18:06:26				Added to TrackCVE
2023-02-02 07:14:33	2022-12-05T04:15:10.457	2022-12-05T04:15:10	CVE Published Date	updated
2023-02-02 07:14:33		2023-02-02T06:15:08	CVE Modified Date	updated
2023-02-02 07:14:33	Analyzed	Modified	Vulnerability Status	updated
2023-02-02 07:14:33	Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script .	Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.	Description	updated
2023-02-02 13:14:06	Modified	Undergoing Analysis	Vulnerability Status	updated
2023-02-03 17:14:17		2023-02-03T16:58:19	CVE Modified Date	updated
2023-02-03 17:14:17	Undergoing Analysis	Analyzed	Vulnerability Status	updated