Vulnerability Description
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically Authors, Contributors, and Editors. This makes it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta() function is called on that page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| WordPress | WordPress | <= 6.0.2 |
Related Weaknesses (CWE)
References
- https://core.trac.wordpress.org/changeset/53961 (Patch)
- https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-rele (Release Notes)
- https://www.wordfence.com/blog/2022/08/wordpress-core-6-0-2-security-maintenance (Third Party Advisory)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b5582e89-83e6-4898-b9f (Third Party Advisory)
FAQ
What is CVE-2022-4973?
CVE-2022-4973 is a vulnerability with a CVSS score of 4.9 (MEDIUM). WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisti...
How severe is CVE-2022-4973?
CVE-2022-4973 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-4973?
Check the references section above for vendor advisories and patch information. Affected products include: WordPress WordPress.