Vulnerability Description
Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Wordpress | >= 5.9, <= 5.9.7 |
| Wordpress | Gutenberg | <= 16.8.0 |
Related Weaknesses (CWE)
References
- https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-aExploitThird Party Advisory
- https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugThird Party Advisory
- https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-conThird Party Advisory
- https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-aExploitThird Party Advisory
- https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugThird Party Advisory
- https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-conThird Party Advisory
FAQ
What is CVE-2023-38000?
CVE-2023-38000 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7...
How severe is CVE-2023-38000?
CVE-2023-38000 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-38000?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress, Wordpress Gutenberg.