CVE-2023-38000

CVE Database · CVE-2023-38000

CVE-2023-38000

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.79%

Published

Oct 13, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Weaknesses (CWE)

CWE-79

Affected Products (6)

wordpress · wordpressvulnerable

wordpress · gutenbergvulnerable

References (6)

https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve

ExploitThird Party Advisory

https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-16-8-0-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve

Third Party Advisory

https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve

Third Party Advisory

https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve

ExploitThird Party Advisory

https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-16-8-0-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve

KEV Catalog EPSS Scores Vendors All CVEs