WordPress Vulnerabilities
WP 5.6-6.3.1 - Contributor+ Stored XSS via Navigation Block
Description
WordPress does not escape some of its Navigation block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affects WordPress
Fixed in WordPress 6.3.2
Fixed in WordPress 6.3.2
Fixed in WordPress 6.2.3
Fixed in WordPress 6.2.3
Fixed in WordPress 6.2.3
Fixed in WordPress 6.1.4
Fixed in WordPress 6.1.4
Fixed in WordPress 6.1.4
Fixed in WordPress 6.1.4
Fixed in WordPress 6.0.6
Fixed in WordPress 6.0.6
Fixed in WordPress 6.0.6
Fixed in WordPress 6.0.6
Fixed in WordPress 6.0.6
Fixed in WordPress 6.0.6
Fixed in WordPress 5.9.8
Fixed in WordPress 5.9.8
Fixed in WordPress 5.9.8
Fixed in WordPress 5.9.8
Fixed in WordPress 5.9.8
Fixed in WordPress 5.9.8
Fixed in WordPress 5.9.8
Fixed in WordPress 5.9.8 References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Rafie Muhammad, Edouard Lamoine
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-10-12 (about 7 months ago)
Added
2023-10-13 (about 6 months ago)
Last Updated
2023-10-13 (about 6 months ago)
WPScan 