WordPress Vulnerabilities

WP < 6.2.1 - Contributor+ Content Injection

Description

WordPress does not properly sanitise block attributes, which could allow users with a role of Contributor and above to perform content injection in comments on blog using a theme compatible with a block editor

Affects WordPress

6.2
Fixed in WordPress 6.2.1
6.1.1
Fixed in WordPress 6.1.2
6.1
Fixed in WordPress 6.1.2
6.0.3
Fixed in WordPress 6.0.4
6.0.2
Fixed in WordPress 6.0.4
6.0.1
Fixed in WordPress 6.0.4
6.0
Fixed in WordPress 6.0.4
5.9.5
Fixed in WordPress 5.9.6
5.9.4
Fixed in WordPress 5.9.6
5.9.3
Fixed in WordPress 5.9.6
5.9.2
Fixed in WordPress 5.9.6
5.9.1
Fixed in WordPress 5.9.6
5.9
Fixed in WordPress 5.9.6
5.8.6
Fixed in WordPress 5.8.7
5.8.5
Fixed in WordPress 5.8.7
5.8.4
Fixed in WordPress 5.8.7
5.8.3
Fixed in WordPress 5.8.7
5.8.2
Fixed in WordPress 5.8.7
5.8.1
Fixed in WordPress 5.8.7
5.8
Fixed in WordPress 5.8.7
5.6.10
Fixed in WordPress 5.6.11
5.6.9
Fixed in WordPress 5.6.11
5.6.8
Fixed in WordPress 5.6.11
5.6.7
Fixed in WordPress 5.6.11
5.6.6
Fixed in WordPress 5.6.11
5.6.5
Fixed in WordPress 5.6.11
5.6.4
Fixed in WordPress 5.6.11
5.6.3
Fixed in WordPress 5.6.11
5.6.2
Fixed in WordPress 5.6.11
5.6.1
Fixed in WordPress 5.6.11
5.6
Fixed in WordPress 5.6.11
5.5.11
Fixed in WordPress 5.5.12
5.5.10
Fixed in WordPress 5.5.12
5.5.9
Fixed in WordPress 5.5.12
5.5.8
Fixed in WordPress 5.5.12
5.5.7
Fixed in WordPress 5.5.12
5.5.6
Fixed in WordPress 5.5.12
5.5.5
Fixed in WordPress 5.5.12
5.5.4
Fixed in WordPress 5.5.12
5.5.3
Fixed in WordPress 5.5.12
5.5.2
Fixed in WordPress 5.5.12
5.5.1
Fixed in WordPress 5.5.12
5.5
Fixed in WordPress 5.5.12
5.4.12
Fixed in WordPress 5.4.13
5.4.11
Fixed in WordPress 5.4.13
5.4.10
Fixed in WordPress 5.4.13
5.4.9
Fixed in WordPress 5.4.13
5.4.8
Fixed in WordPress 5.4.13
5.4.7
Fixed in WordPress 5.4.13
5.4.6
Fixed in WordPress 5.4.13
5.4.5
Fixed in WordPress 5.4.13
5.4.4
Fixed in WordPress 5.4.13
5.4.3
Fixed in WordPress 5.4.13
5.4.2
Fixed in WordPress 5.4.13
5.4.1
Fixed in WordPress 5.4.13
5.4
Fixed in WordPress 5.4.13
5.3.14
Fixed in WordPress 5.3.15
5.3.13
Fixed in WordPress 5.3.15
5.3.12
Fixed in WordPress 5.3.15
5.3.11
Fixed in WordPress 5.3.15
5.3.10
Fixed in WordPress 5.3.15
5.3.9
Fixed in WordPress 5.3.15
5.3.8
Fixed in WordPress 5.3.15
5.3.7
Fixed in WordPress 5.3.15
5.3.6
Fixed in WordPress 5.3.15
5.3.5
Fixed in WordPress 5.3.15
5.3.4
Fixed in WordPress 5.3.15
5.3.3
Fixed in WordPress 5.3.15
5.3.2
Fixed in WordPress 5.3.15
5.3.1
Fixed in WordPress 5.3.15
5.3
Fixed in WordPress 5.3.15
5.2.17
Fixed in WordPress 5.2.18
5.2.16
Fixed in WordPress 5.2.18
5.2.15
Fixed in WordPress 5.2.18
5.2.14
Fixed in WordPress 5.2.18
5.2.13
Fixed in WordPress 5.2.18
5.2.12
Fixed in WordPress 5.2.18
5.2.11
Fixed in WordPress 5.2.18
5.2.10
Fixed in WordPress 5.2.18
5.2.9
Fixed in WordPress 5.2.18
5.2.8
Fixed in WordPress 5.2.18
5.2.7
Fixed in WordPress 5.2.18
5.2.6
Fixed in WordPress 5.2.18
5.2.5
Fixed in WordPress 5.2.18
5.2.4
Fixed in WordPress 5.2.18
5.2.3
Fixed in WordPress 5.2.18
5.2.2
Fixed in WordPress 5.2.18
5.2.1
Fixed in WordPress 5.2.18
5.2
Fixed in WordPress 5.2.18
5.1.15
Fixed in WordPress 5.1.16
5.1.14
Fixed in WordPress 5.1.16
5.1.13
Fixed in WordPress 5.1.16
5.1.12
Fixed in WordPress 5.1.16
5.1.11
Fixed in WordPress 5.1.16
5.1.10
Fixed in WordPress 5.1.16
5.1.9
Fixed in WordPress 5.1.16
5.1.8
Fixed in WordPress 5.1.16
5.1.7
Fixed in WordPress 5.1.16
5.1.6
Fixed in WordPress 5.1.16
5.1.5
Fixed in WordPress 5.1.16
5.1.4
Fixed in WordPress 5.1.16
5.1.3
Fixed in WordPress 5.1.16
5.1.2
Fixed in WordPress 5.1.16
5.1.1
Fixed in WordPress 5.1.16
5.1
Fixed in WordPress 5.1.16
5.0.18
Fixed in WordPress 5.0.19
5.0.17
Fixed in WordPress 5.0.19
5.0.16
Fixed in WordPress 5.0.19
5.0.15
Fixed in WordPress 5.0.19
5.0.14
Fixed in WordPress 5.0.19
5.0.13
Fixed in WordPress 5.0.19
5.0.12
Fixed in WordPress 5.0.19
5.0.11
Fixed in WordPress 5.0.19
5.0.10
Fixed in WordPress 5.0.19
5.0.9
Fixed in WordPress 5.0.19
5.0.8
Fixed in WordPress 5.0.19
5.0.7
Fixed in WordPress 5.0.19
5.0.6
Fixed in WordPress 5.0.19
5.0.4
Fixed in WordPress 5.0.19
5.0.3
Fixed in WordPress 5.0.19
5.0.2
Fixed in WordPress 5.0.19
5.0.1
Fixed in WordPress 5.0.19
5.0
Fixed in WordPress 5.0.19
4.9.22
Fixed in WordPress 4.9.23
4.9.21
Fixed in WordPress 4.9.23
4.9.20
Fixed in WordPress 4.9.23
4.9.19
Fixed in WordPress 4.9.23
4.9.18
Fixed in WordPress 4.9.23
4.9.17
Fixed in WordPress 4.9.23
4.9.16
Fixed in WordPress 4.9.23
4.9.15
Fixed in WordPress 4.9.23
4.9.14
Fixed in WordPress 4.9.23
4.9.13
Fixed in WordPress 4.9.23
4.9.12
Fixed in WordPress 4.9.23
4.9.11
Fixed in WordPress 4.9.23
4.9.10
Fixed in WordPress 4.9.23
4.9.9
Fixed in WordPress 4.9.23
4.9.8
Fixed in WordPress 4.9.23
4.9.7
Fixed in WordPress 4.9.23
4.9.6
Fixed in WordPress 4.9.23
4.9.5
Fixed in WordPress 4.9.23
4.9.4
Fixed in WordPress 4.9.23
4.9.3
Fixed in WordPress 4.9.23
4.9.2
Fixed in WordPress 4.9.23
4.9.1
Fixed in WordPress 4.9.23
4.9
Fixed in WordPress 4.9.23
4.8.21
Fixed in WordPress 4.8.22
4.8.20
Fixed in WordPress 4.8.22
4.8.19
Fixed in WordPress 4.8.22
4.8.18
Fixed in WordPress 4.8.22
4.8.17
Fixed in WordPress 4.8.22
4.8.16
Fixed in WordPress 4.8.22
4.8.15
Fixed in WordPress 4.8.22
4.8.14
Fixed in WordPress 4.8.22
4.8.13
Fixed in WordPress 4.8.22
4.8.12
Fixed in WordPress 4.8.22
4.8.11
Fixed in WordPress 4.8.22
4.8.10
Fixed in WordPress 4.8.22
4.8.9
Fixed in WordPress 4.8.22
4.8.8
Fixed in WordPress 4.8.22
4.8.7
Fixed in WordPress 4.8.22
4.8.6
Fixed in WordPress 4.8.22
4.8.5
Fixed in WordPress 4.8.22
4.8.4
Fixed in WordPress 4.8.22
4.8.3
Fixed in WordPress 4.8.22
4.8.2
Fixed in WordPress 4.8.22
4.8.1
Fixed in WordPress 4.8.22
4.8
Fixed in WordPress 4.8.22
4.7.25
Fixed in WordPress 4.7.26
4.7.24
Fixed in WordPress 4.7.26
4.7.23
Fixed in WordPress 4.7.26
4.7.22
Fixed in WordPress 4.7.26
4.7.21
Fixed in WordPress 4.7.26
4.7.20
Fixed in WordPress 4.7.26
4.7.19
Fixed in WordPress 4.7.26
4.7.18
Fixed in WordPress 4.7.26
4.7.17
Fixed in WordPress 4.7.26
4.7.16
Fixed in WordPress 4.7.26
4.7.15
Fixed in WordPress 4.7.26
4.7.14
Fixed in WordPress 4.7.26
4.7.13
Fixed in WordPress 4.7.26
4.7.12
Fixed in WordPress 4.7.26
4.7.11
Fixed in WordPress 4.7.26
4.7.10
Fixed in WordPress 4.7.26
4.7.9
Fixed in WordPress 4.7.26
4.7.8
Fixed in WordPress 4.7.26
4.7.7
Fixed in WordPress 4.7.26
4.7.6
Fixed in WordPress 4.7.26
4.7.5
Fixed in WordPress 4.7.26
4.7.4
Fixed in WordPress 4.7.26
4.7.3
Fixed in WordPress 4.7.26
4.7.2
Fixed in WordPress 4.7.26
4.7.1
Fixed in WordPress 4.7.26
4.7
Fixed in WordPress 4.7.26
4.6.25
Fixed in WordPress 4.6.26
4.6.24
Fixed in WordPress 4.6.26
4.6.23
Fixed in WordPress 4.6.26
4.6.22
Fixed in WordPress 4.6.26
4.6.21
Fixed in WordPress 4.6.26
4.6.20
Fixed in WordPress 4.6.26
4.6.19
Fixed in WordPress 4.6.26
4.6.18
Fixed in WordPress 4.6.26
4.6.17
Fixed in WordPress 4.6.26
4.6.16
Fixed in WordPress 4.6.26
4.6.15
Fixed in WordPress 4.6.26
4.6.14
Fixed in WordPress 4.6.26
4.6.13
Fixed in WordPress 4.6.26
4.6.12
Fixed in WordPress 4.6.26
4.6.11
Fixed in WordPress 4.6.26
4.6.10
Fixed in WordPress 4.6.26
4.6.9
Fixed in WordPress 4.6.26
4.6.8
Fixed in WordPress 4.6.26
4.6.7
Fixed in WordPress 4.6.26
4.6.6
Fixed in WordPress 4.6.26
4.6.5
Fixed in WordPress 4.6.26
4.6.4
Fixed in WordPress 4.6.26
4.6.3
Fixed in WordPress 4.6.26
4.6.2
Fixed in WordPress 4.6.26
4.6.1
Fixed in WordPress 4.6.26
4.6
Fixed in WordPress 4.6.26
4.5.28
Fixed in WordPress 4.5.29
4.5.27
Fixed in WordPress 4.5.29
4.5.26
Fixed in WordPress 4.5.29
4.5.25
Fixed in WordPress 4.5.29
4.5.24
Fixed in WordPress 4.5.29
4.5.23
Fixed in WordPress 4.5.29
4.5.22
Fixed in WordPress 4.5.29
4.5.21
Fixed in WordPress 4.5.29
4.5.20
Fixed in WordPress 4.5.29
4.5.19
Fixed in WordPress 4.5.29
4.5.18
Fixed in WordPress 4.5.29
4.5.17
Fixed in WordPress 4.5.29
4.5.16
Fixed in WordPress 4.5.29
4.5.15
Fixed in WordPress 4.5.29
4.5.14
Fixed in WordPress 4.5.29
4.5.13
Fixed in WordPress 4.5.29
4.5.12
Fixed in WordPress 4.5.29
4.5.11
Fixed in WordPress 4.5.29
4.5.10
Fixed in WordPress 4.5.29
4.5.9
Fixed in WordPress 4.5.29
4.5.8
Fixed in WordPress 4.5.29
4.5.7
Fixed in WordPress 4.5.29
4.5.6
Fixed in WordPress 4.5.29
4.5.5
Fixed in WordPress 4.5.29
4.5.4
Fixed in WordPress 4.5.29
4.5.3
Fixed in WordPress 4.5.29
4.5.2
Fixed in WordPress 4.5.29
4.5.1
Fixed in WordPress 4.5.29
4.5
Fixed in WordPress 4.5.29
4.4.29
Fixed in WordPress 4.4.30
4.4.28
Fixed in WordPress 4.4.30
4.4.27
Fixed in WordPress 4.4.30
4.4.26
Fixed in WordPress 4.4.30
4.4.25
Fixed in WordPress 4.4.30
4.4.24
Fixed in WordPress 4.4.30
4.4.23
Fixed in WordPress 4.4.30
4.4.22
Fixed in WordPress 4.4.30
4.4.21
Fixed in WordPress 4.4.30
4.4.20
Fixed in WordPress 4.4.30
4.4.19
Fixed in WordPress 4.4.30
4.4.18
Fixed in WordPress 4.4.30
4.4.17
Fixed in WordPress 4.4.30
4.4.16
Fixed in WordPress 4.4.30
4.4.15
Fixed in WordPress 4.4.30
4.4.14
Fixed in WordPress 4.4.30
4.4.13
Fixed in WordPress 4.4.30
4.4.12
Fixed in WordPress 4.4.30
4.4.11
Fixed in WordPress 4.4.30
4.4.10
Fixed in WordPress 4.4.30
4.4.9
Fixed in WordPress 4.4.30
4.4.8
Fixed in WordPress 4.4.30
4.4.7
Fixed in WordPress 4.4.30
4.4.6
Fixed in WordPress 4.4.30
4.4.5
Fixed in WordPress 4.4.30
4.4.4
Fixed in WordPress 4.4.30
4.4.3
Fixed in WordPress 4.4.30
4.4.2
Fixed in WordPress 4.4.30
4.4.1
Fixed in WordPress 4.4.30
4.4
Fixed in WordPress 4.4.30
4.3.30
Fixed in WordPress 4.3.31
4.3.29
Fixed in WordPress 4.3.31
4.3.28
Fixed in WordPress 4.3.31
4.3.27
Fixed in WordPress 4.3.31
4.3.26
Fixed in WordPress 4.3.31
4.3.25
Fixed in WordPress 4.3.31
4.3.24
Fixed in WordPress 4.3.31
4.3.23
Fixed in WordPress 4.3.31
4.3.22
Fixed in WordPress 4.3.31
4.3.21
Fixed in WordPress 4.3.31
4.3.20
Fixed in WordPress 4.3.31
4.3.19
Fixed in WordPress 4.3.31
4.3.18
Fixed in WordPress 4.3.31
4.3.17
Fixed in WordPress 4.3.31
4.3.16
Fixed in WordPress 4.3.31
4.3.15
Fixed in WordPress 4.3.31
4.3.14
Fixed in WordPress 4.3.31
4.3.13
Fixed in WordPress 4.3.31
4.3.12
Fixed in WordPress 4.3.31
4.3.11
Fixed in WordPress 4.3.31
4.3.10
Fixed in WordPress 4.3.31
4.3.9
Fixed in WordPress 4.3.31
4.3.8
Fixed in WordPress 4.3.31
4.3.7
Fixed in WordPress 4.3.31
4.3.6
Fixed in WordPress 4.3.31
4.3.5
Fixed in WordPress 4.3.31
4.3.4
Fixed in WordPress 4.3.31
4.3.3
Fixed in WordPress 4.3.31
4.3.2
Fixed in WordPress 4.3.31
4.3.1
Fixed in WordPress 4.3.31
4.3
Fixed in WordPress 4.3.31
4.2.34
Fixed in WordPress 4.2.35
4.2.33
Fixed in WordPress 4.2.35
4.2.32
Fixed in WordPress 4.2.35
4.2.31
Fixed in WordPress 4.2.35
4.2.30
Fixed in WordPress 4.2.35
4.2.29
Fixed in WordPress 4.2.35
4.2.28
Fixed in WordPress 4.2.35
4.2.27
Fixed in WordPress 4.2.35
4.2.26
Fixed in WordPress 4.2.35
4.2.25
Fixed in WordPress 4.2.35
4.2.24
Fixed in WordPress 4.2.35
4.2.23
Fixed in WordPress 4.2.35
4.2.22
Fixed in WordPress 4.2.35
4.2.21
Fixed in WordPress 4.2.35
4.2.20
Fixed in WordPress 4.2.35
4.2.19
Fixed in WordPress 4.2.35
4.2.18
Fixed in WordPress 4.2.35
4.2.17
Fixed in WordPress 4.2.35
4.2.16
Fixed in WordPress 4.2.35
4.2.15
Fixed in WordPress 4.2.35
4.2.14
Fixed in WordPress 4.2.35
4.2.13
Fixed in WordPress 4.2.35
4.2.12
Fixed in WordPress 4.2.35
4.2.11
Fixed in WordPress 4.2.35
4.2.10
Fixed in WordPress 4.2.35
4.2.9
Fixed in WordPress 4.2.35
4.2.8
Fixed in WordPress 4.2.35
4.2.7
Fixed in WordPress 4.2.35
4.2.6
Fixed in WordPress 4.2.35
4.2.5
Fixed in WordPress 4.2.35
4.2.4
Fixed in WordPress 4.2.35
4.2.3
Fixed in WordPress 4.2.35
4.2.2
Fixed in WordPress 4.2.35
4.2.1
Fixed in WordPress 4.2.35
4.2
Fixed in WordPress 4.2.35
4.1.37
Fixed in WordPress 4.1.38
4.1.36
Fixed in WordPress 4.1.38
4.1.35
Fixed in WordPress 4.1.38
4.1.34
Fixed in WordPress 4.1.38
4.1.33
Fixed in WordPress 4.1.38
4.1.32
Fixed in WordPress 4.1.38
4.1.31
Fixed in WordPress 4.1.38
4.1.30
Fixed in WordPress 4.1.38
4.1.29
Fixed in WordPress 4.1.38
4.1.28
Fixed in WordPress 4.1.38
4.1.27
Fixed in WordPress 4.1.38
4.1.26
Fixed in WordPress 4.1.38
4.1.25
Fixed in WordPress 4.1.38
4.1.24
Fixed in WordPress 4.1.38
4.1.23
Fixed in WordPress 4.1.38
4.1.22
Fixed in WordPress 4.1.38
4.1.21
Fixed in WordPress 4.1.38
4.1.20
Fixed in WordPress 4.1.38
4.1.19
Fixed in WordPress 4.1.38
4.1.18
Fixed in WordPress 4.1.38
4.1.17
Fixed in WordPress 4.1.38
4.1.16
Fixed in WordPress 4.1.38
4.1.15
Fixed in WordPress 4.1.38
4.1.14
Fixed in WordPress 4.1.38
4.1.13
Fixed in WordPress 4.1.38
4.1.12
Fixed in WordPress 4.1.38
4.1.11
Fixed in WordPress 4.1.38
4.1.10
Fixed in WordPress 4.1.38
4.1.9
Fixed in WordPress 4.1.38
4.1.8
Fixed in WordPress 4.1.38
4.1.7
Fixed in WordPress 4.1.38
4.1.6
Fixed in WordPress 4.1.38
4.1.5
Fixed in WordPress 4.1.38
4.1.4
Fixed in WordPress 4.1.38
4.1.3
Fixed in WordPress 4.1.38
4.1.2
Fixed in WordPress 4.1.38
4.1.1
Fixed in WordPress 4.1.38
4.1
Fixed in WordPress 4.1.38
5.7.8
Fixed in WordPress 5.7.9
5.7.7
Fixed in WordPress 5.7.9
5.7.6
Fixed in WordPress 5.7.9
5.7.5
Fixed in WordPress 5.7.9
5.7.4
Fixed in WordPress 5.7.9
5.7.3
Fixed in WordPress 5.7.9
5.7.2
Fixed in WordPress 5.7.9
5.7.1
Fixed in WordPress 5.7.9
5.7
Fixed in WordPress 5.7.9

References

URL
https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.5 (medium)

Miscellaneous

Original Researcher
Third-party auditor
Verified
Yes
WPVDB ID
1527ebdb-18bc-4f9d-9c20-8d729a628670

Timeline

Publicly Published
2023-05-16 (about 11 months ago)
Added
2023-05-17 (about 11 months ago)
Last Updated
2023-05-23 (about 11 months ago)

Other

Published
Title
Published
2022-12-27
Title
Compact WP Audio Player < 1.9.8 - Contributor+ Stored XSS
Published
2023-09-29
Title
User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent
Published
2022-02-21
Title
Cookie Information < 2.0.8 - Reflected Cross-Site Scripting
Published
2023-06-19
Title
Simple Iframe < 1.2.0 - Contributor+ Stored XSS
Published
2017-06-02
Title
Spiffy Calendar < 3.3.0 - Reflected Cross-Site Scripting (XSS)