WordPress Vulnerabilities
WP < 6.2.1 - Contributor+ Content Injection
Description
WordPress does not properly sanitise block attributes, which could allow users with the Contributor role and above to perform content injection in comments on a blog that uses a theme compatible with the block editor.
Affects WordPress
Fixed in WordPress 6.2.1
Fixed in WordPress 6.1.2
Fixed in WordPress 6.0.4
Fixed in WordPress 5.9.6
Fixed in WordPress 5.8.7
Fixed in WordPress 5.6.11
Fixed in WordPress 5.5.12
Fixed in WordPress 5.4.13
Fixed in WordPress 5.3.15
Fixed in WordPress 5.2.18
Fixed in WordPress 5.1.16
Fixed in WordPress 5.0.19
Fixed in WordPress 4.9.23
Fixed in WordPress 4.8.22
Fixed in WordPress 4.7.26
Fixed in WordPress 4.6.26
Fixed in WordPress 4.5.29
Fixed in WordPress 4.4.30
Fixed in WordPress 4.3.31
Fixed in WordPress 4.2.35
Fixed in WordPress 4.1.38
Fixed in WordPress 5.7.9
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Third-party auditor
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-05-16 (about 11 months ago)
Added
2023-05-17 (about 11 months ago)
Last Updated
2023-05-23 (about 11 months ago)