WordPress Vulnerabilities

WP < 6.2.1 - Contributor+ Content Injection

Description

WordPress does not properly sanitise block attributes, which could allow users with a role of Contributor and above to perform content injection in comments on blog using a theme compatible with a block editor

Affects WordPress

6.2
Fixed in WordPress 6.2.1
6.1.1
Fixed in WordPress 6.1.2
6.1
Fixed in WordPress 6.1.2
6.0.3
Fixed in WordPress 6.0.4
6.0.2
Fixed in WordPress 6.0.4
6.0.1
Fixed in WordPress 6.0.4
6.0
Fixed in WordPress 6.0.4
5.9.5
Fixed in WordPress 5.9.6
5.9.4
Fixed in WordPress 5.9.6
5.9.3
Fixed in WordPress 5.9.6
5.9.2
Fixed in WordPress 5.9.6
5.9.1
Fixed in WordPress 5.9.6
5.9
Fixed in WordPress 5.9.6
5.8.6
Fixed in WordPress 5.8.7
5.8.5
Fixed in WordPress 5.8.7
5.8.4
Fixed in WordPress 5.8.7
5.8.3
Fixed in WordPress 5.8.7
5.8.2
Fixed in WordPress 5.8.7
5.8.1
Fixed in WordPress 5.8.7
5.8
Fixed in WordPress 5.8.7
5.6.10
Fixed in WordPress 5.6.11
5.6.9
Fixed in WordPress 5.6.11
5.6.8
Fixed in WordPress 5.6.11
5.6.7
Fixed in WordPress 5.6.11
5.6.6
Fixed in WordPress 5.6.11
5.6.5
Fixed in WordPress 5.6.11
5.6.4
Fixed in WordPress 5.6.11
5.6.3
Fixed in WordPress 5.6.11
5.6.2
Fixed in WordPress 5.6.11
5.6.1
Fixed in WordPress 5.6.11
5.6
Fixed in WordPress 5.6.11
5.5.11
Fixed in WordPress 5.5.12
5.5.10
Fixed in WordPress 5.5.12
5.5.9
Fixed in WordPress 5.5.12
5.5.8
Fixed in WordPress 5.5.12
5.5.7
Fixed in WordPress 5.5.12
5.5.6
Fixed in WordPress 5.5.12
5.5.5
Fixed in WordPress 5.5.12
5.5.4
Fixed in WordPress 5.5.12
5.5.3
Fixed in WordPress 5.5.12
5.5.2
Fixed in WordPress 5.5.12
5.5.1
Fixed in WordPress 5.5.12
5.5
Fixed in WordPress 5.5.12
5.4.12
Fixed in WordPress 5.4.13
5.4.11
Fixed in WordPress 5.4.13
5.4.10
Fixed in WordPress 5.4.13
5.4.9
Fixed in WordPress 5.4.13
5.4.8
Fixed in WordPress 5.4.13
5.4.7
Fixed in WordPress 5.4.13
5.4.6
Fixed in WordPress 5.4.13
5.4.5
Fixed in WordPress 5.4.13
5.4.4
Fixed in WordPress 5.4.13
5.4.3
Fixed in WordPress 5.4.13
5.4.2
Fixed in WordPress 5.4.13
5.4.1
Fixed in WordPress 5.4.13
5.4
Fixed in WordPress 5.4.13
5.3.14
Fixed in WordPress 5.3.15
5.3.13
Fixed in WordPress 5.3.15
5.3.12
Fixed in WordPress 5.3.15
5.3.11
Fixed in WordPress 5.3.15
5.3.10
Fixed in WordPress 5.3.15
5.3.9
Fixed in WordPress 5.3.15
5.3.8
Fixed in WordPress 5.3.15
5.3.7
Fixed in WordPress 5.3.15
5.3.6
Fixed in WordPress 5.3.15
5.3.5
Fixed in WordPress 5.3.15
5.3.4
Fixed in WordPress 5.3.15
5.3.3
Fixed in WordPress 5.3.15
5.3.2
Fixed in WordPress 5.3.15
5.3.1
Fixed in WordPress 5.3.15
5.3
Fixed in WordPress 5.3.15
5.2.17
Fixed in WordPress 5.2.18
5.2.16
Fixed in WordPress 5.2.18
5.2.15
Fixed in WordPress 5.2.18
5.2.14
Fixed in WordPress 5.2.18
5.2.13
Fixed in WordPress 5.2.18
5.2.12
Fixed in WordPress 5.2.18
5.2.11
Fixed in WordPress 5.2.18
5.2.10
Fixed in WordPress 5.2.18
5.2.9
Fixed in WordPress 5.2.18
5.2.8
Fixed in WordPress 5.2.18
5.2.7
Fixed in WordPress 5.2.18
5.2.6
Fixed in WordPress 5.2.18
5.2.5
Fixed in WordPress 5.2.18
5.2.4
Fixed in WordPress 5.2.18
5.2.3
Fixed in WordPress 5.2.18
5.2.2
Fixed in WordPress 5.2.18
5.2.1
Fixed in WordPress 5.2.18
5.2
Fixed in WordPress 5.2.18
5.1.15
Fixed in WordPress 5.1.16
5.1.14
Fixed in WordPress 5.1.16
5.1.13
Fixed in WordPress 5.1.16
5.1.12
Fixed in WordPress 5.1.16
5.1.11
Fixed in WordPress 5.1.16
5.1.10
Fixed in WordPress 5.1.16
5.1.9
Fixed in WordPress 5.1.16
5.1.8
Fixed in WordPress 5.1.16
5.1.7
Fixed in WordPress 5.1.16
5.1.6
Fixed in WordPress 5.1.16
5.1.5
Fixed in WordPress 5.1.16
5.1.4
Fixed in WordPress 5.1.16
5.1.3
Fixed in WordPress 5.1.16
5.1.2
Fixed in WordPress 5.1.16
5.1.1
Fixed in WordPress 5.1.16
5.1
Fixed in WordPress 5.1.16
5.0.18
Fixed in WordPress 5.0.19
5.0.17
Fixed in WordPress 5.0.19
5.0.16
Fixed in WordPress 5.0.19
5.0.15
Fixed in WordPress 5.0.19
5.0.14
Fixed in WordPress 5.0.19
5.0.13
Fixed in WordPress 5.0.19
5.0.12
Fixed in WordPress 5.0.19
5.0.11
Fixed in WordPress 5.0.19
5.0.10
Fixed in WordPress 5.0.19
5.0.9
Fixed in WordPress 5.0.19
5.0.8
Fixed in WordPress 5.0.19
5.0.7
Fixed in WordPress 5.0.19
5.0.6
Fixed in WordPress 5.0.19
5.0.4
Fixed in WordPress 5.0.19
5.0.3
Fixed in WordPress 5.0.19
5.0.2
Fixed in WordPress 5.0.19
5.0.1
Fixed in WordPress 5.0.19
5.0
Fixed in WordPress 5.0.19
4.9.22
Fixed in WordPress 4.9.23
4.9.21
Fixed in WordPress 4.9.23
4.9.20
Fixed in WordPress 4.9.23
4.9.19
Fixed in WordPress 4.9.23
4.9.18
Fixed in WordPress 4.9.23
4.9.17
Fixed in WordPress 4.9.23
4.9.16
Fixed in WordPress 4.9.23
4.9.15
Fixed in WordPress 4.9.23
4.9.14
Fixed in WordPress 4.9.23
4.9.13
Fixed in WordPress 4.9.23
4.9.12
Fixed in WordPress 4.9.23
4.9.11
Fixed in WordPress 4.9.23
4.9.10
Fixed in WordPress 4.9.23
4.9.9
Fixed in WordPress 4.9.23
4.9.8
Fixed in WordPress 4.9.23
4.9.7
Fixed in WordPress 4.9.23
4.9.6
Fixed in WordPress 4.9.23
4.9.5
Fixed in WordPress 4.9.23
4.9.4
Fixed in WordPress 4.9.23
4.9.3
Fixed in WordPress 4.9.23
4.9.2
Fixed in WordPress 4.9.23
4.9.1
Fixed in WordPress 4.9.23
4.9
Fixed in WordPress 4.9.23
4.8.21
Fixed in WordPress 4.8.22
4.8.20
Fixed in WordPress 4.8.22
4.8.19
Fixed in WordPress 4.8.22
4.8.18
Fixed in WordPress 4.8.22
4.8.17
Fixed in WordPress 4.8.22
4.8.16
Fixed in WordPress 4.8.22
4.8.15
Fixed in WordPress 4.8.22
4.8.14
Fixed in WordPress 4.8.22
4.8.13
Fixed in WordPress 4.8.22
4.8.12
Fixed in WordPress 4.8.22
4.8.11
Fixed in WordPress 4.8.22
4.8.10
Fixed in WordPress 4.8.22
4.8.9
Fixed in WordPress 4.8.22
4.8.8
Fixed in WordPress 4.8.22
4.8.7
Fixed in WordPress 4.8.22
4.8.6
Fixed in WordPress 4.8.22
4.8.5
Fixed in WordPress 4.8.22
4.8.4
Fixed in WordPress 4.8.22
4.8.3
Fixed in WordPress 4.8.22
4.8.2
Fixed in WordPress 4.8.22
4.8.1
Fixed in WordPress 4.8.22
4.8
Fixed in WordPress 4.8.22
4.7.25
Fixed in WordPress 4.7.26
4.7.24
Fixed in WordPress 4.7.26
4.7.23
Fixed in WordPress 4.7.26
4.7.22
Fixed in WordPress 4.7.26
4.7.21
Fixed in WordPress 4.7.26
4.7.20
Fixed in WordPress 4.7.26
4.7.19
Fixed in WordPress 4.7.26
4.7.18
Fixed in WordPress 4.7.26
4.7.17
Fixed in WordPress 4.7.26
4.7.16
Fixed in WordPress 4.7.26
4.7.15
Fixed in WordPress 4.7.26
4.7.14
Fixed in WordPress 4.7.26
4.7.13
Fixed in WordPress 4.7.26
4.7.12
Fixed in WordPress 4.7.26
4.7.11
Fixed in WordPress 4.7.26
4.7.10
Fixed in WordPress 4.7.26
4.7.9
Fixed in WordPress 4.7.26
4.7.8
Fixed in WordPress 4.7.26
4.7.7
Fixed in WordPress 4.7.26
4.7.6
Fixed in WordPress 4.7.26
4.7.5
Fixed in WordPress 4.7.26
4.7.4
Fixed in WordPress 4.7.26
4.7.3
Fixed in WordPress 4.7.26
4.7.2
Fixed in WordPress 4.7.26
4.7.1
Fixed in WordPress 4.7.26
4.7
Fixed in WordPress 4.7.26
4.6.25
Fixed in WordPress 4.6.26
4.6.24
Fixed in WordPress 4.6.26
4.6.23
Fixed in WordPress 4.6.26
4.6.22
Fixed in WordPress 4.6.26
4.6.21
Fixed in WordPress 4.6.26
4.6.20
Fixed in WordPress 4.6.26
4.6.19
Fixed in WordPress 4.6.26
4.6.18
Fixed in WordPress 4.6.26
4.6.17
Fixed in WordPress 4.6.26
4.6.16
Fixed in WordPress 4.6.26
4.6.15
Fixed in WordPress 4.6.26
4.6.14
Fixed in WordPress 4.6.26
4.6.13
Fixed in WordPress 4.6.26
4.6.12
Fixed in WordPress 4.6.26
4.6.11
Fixed in WordPress 4.6.26
4.6.10
Fixed in WordPress 4.6.26
4.6.9
Fixed in WordPress 4.6.26
4.6.8
Fixed in WordPress 4.6.26
4.6.7
Fixed in WordPress 4.6.26
4.6.6
Fixed in WordPress 4.6.26
4.6.5
Fixed in WordPress 4.6.26
4.6.4
Fixed in WordPress 4.6.26
4.6.3
Fixed in WordPress 4.6.26
4.6.2
Fixed in WordPress 4.6.26
4.6.1
Fixed in WordPress 4.6.26
4.6
Fixed in WordPress 4.6.26
4.5.28
Fixed in WordPress 4.5.29
4.5.27
Fixed in WordPress 4.5.29
4.5.26
Fixed in WordPress 4.5.29
4.5.25
Fixed in WordPress 4.5.29
4.5.24
Fixed in WordPress 4.5.29
4.5.23
Fixed in WordPress 4.5.29
4.5.22
Fixed in WordPress 4.5.29
4.5.21
Fixed in WordPress 4.5.29
4.5.20
Fixed in WordPress 4.5.29
4.5.19
Fixed in WordPress 4.5.29
4.5.18
Fixed in WordPress 4.5.29
4.5.17
Fixed in WordPress 4.5.29
4.5.16
Fixed in WordPress 4.5.29
4.5.15
Fixed in WordPress 4.5.29
4.5.14
Fixed in WordPress 4.5.29
4.5.13
Fixed in WordPress 4.5.29
4.5.12
Fixed in WordPress 4.5.29
4.5.11
Fixed in WordPress 4.5.29
4.5.10
Fixed in WordPress 4.5.29
4.5.9
Fixed in WordPress 4.5.29
4.5.8
Fixed in WordPress 4.5.29
4.5.7
Fixed in WordPress 4.5.29
4.5.6
Fixed in WordPress 4.5.29
4.5.5
Fixed in WordPress 4.5.29
4.5.4
Fixed in WordPress 4.5.29
4.5.3
Fixed in WordPress 4.5.29
4.5.2
Fixed in WordPress 4.5.29
4.5.1
Fixed in WordPress 4.5.29
4.5
Fixed in WordPress 4.5.29
4.4.29
Fixed in WordPress 4.4.30
4.4.28
Fixed in WordPress 4.4.30
4.4.27
Fixed in WordPress 4.4.30
4.4.26
Fixed in WordPress 4.4.30
4.4.25
Fixed in WordPress 4.4.30
4.4.24
Fixed in WordPress 4.4.30
4.4.23
Fixed in WordPress 4.4.30
4.4.22
Fixed in WordPress 4.4.30
4.4.21
Fixed in WordPress 4.4.30
4.4.20
Fixed in WordPress 4.4.30
4.4.19
Fixed in WordPress 4.4.30
4.4.18
Fixed in WordPress 4.4.30
4.4.17
Fixed in WordPress 4.4.30
4.4.16
Fixed in WordPress 4.4.30
4.4.15
Fixed in WordPress 4.4.30
4.4.14
Fixed in WordPress 4.4.30
4.4.13
Fixed in WordPress 4.4.30
4.4.12
Fixed in WordPress 4.4.30
4.4.11
Fixed in WordPress 4.4.30
4.4.10
Fixed in WordPress 4.4.30
4.4.9
Fixed in WordPress 4.4.30
4.4.8
Fixed in WordPress 4.4.30
4.4.7
Fixed in WordPress 4.4.30
4.4.6
Fixed in WordPress 4.4.30
4.4.5
Fixed in WordPress 4.4.30
4.4.4
Fixed in WordPress 4.4.30
4.4.3
Fixed in WordPress 4.4.30
4.4.2
Fixed in WordPress 4.4.30
4.4.1
Fixed in WordPress 4.4.30
4.4
Fixed in WordPress 4.4.30
4.3.30
Fixed in WordPress 4.3.31
4.3.29
Fixed in WordPress 4.3.31
4.3.28
Fixed in WordPress 4.3.31
4.3.27
Fixed in WordPress 4.3.31
4.3.26
Fixed in WordPress 4.3.31
4.3.25
Fixed in WordPress 4.3.31
4.3.24
Fixed in WordPress 4.3.31
4.3.23
Fixed in WordPress 4.3.31
4.3.22
Fixed in WordPress 4.3.31
4.3.21
Fixed in WordPress 4.3.31
4.3.20
Fixed in WordPress 4.3.31
4.3.19
Fixed in WordPress 4.3.31
4.3.18
Fixed in WordPress 4.3.31
4.3.17
Fixed in WordPress 4.3.31
4.3.16
Fixed in WordPress 4.3.31
4.3.15
Fixed in WordPress 4.3.31
4.3.14
Fixed in WordPress 4.3.31
4.3.13
Fixed in WordPress 4.3.31
4.3.12
Fixed in WordPress 4.3.31
4.3.11
Fixed in WordPress 4.3.31
4.3.10
Fixed in WordPress 4.3.31
4.3.9
Fixed in WordPress 4.3.31
4.3.8
Fixed in WordPress 4.3.31
4.3.7
Fixed in WordPress 4.3.31
4.3.6
Fixed in WordPress 4.3.31
4.3.5
Fixed in WordPress 4.3.31
4.3.4
Fixed in WordPress 4.3.31
4.3.3
Fixed in WordPress 4.3.31
4.3.2
Fixed in WordPress 4.3.31
4.3.1
Fixed in WordPress 4.3.31
4.3
Fixed in WordPress 4.3.31
4.2.34
Fixed in WordPress 4.2.35
4.2.33
Fixed in WordPress 4.2.35
4.2.32
Fixed in WordPress 4.2.35
4.2.31
Fixed in WordPress 4.2.35
4.2.30
Fixed in WordPress 4.2.35
4.2.29
Fixed in WordPress 4.2.35
4.2.28
Fixed in WordPress 4.2.35
4.2.27
Fixed in WordPress 4.2.35
4.2.26
Fixed in WordPress 4.2.35
4.2.25
Fixed in WordPress 4.2.35
4.2.24
Fixed in WordPress 4.2.35
4.2.23
Fixed in WordPress 4.2.35
4.2.22
Fixed in WordPress 4.2.35
4.2.21
Fixed in WordPress 4.2.35
4.2.20
Fixed in WordPress 4.2.35
4.2.19
Fixed in WordPress 4.2.35
4.2.18
Fixed in WordPress 4.2.35
4.2.17
Fixed in WordPress 4.2.35
4.2.16
Fixed in WordPress 4.2.35
4.2.15
Fixed in WordPress 4.2.35
4.2.14
Fixed in WordPress 4.2.35
4.2.13
Fixed in WordPress 4.2.35
4.2.12
Fixed in WordPress 4.2.35
4.2.11
Fixed in WordPress 4.2.35
4.2.10
Fixed in WordPress 4.2.35
4.2.9
Fixed in WordPress 4.2.35
4.2.8
Fixed in WordPress 4.2.35
4.2.7
Fixed in WordPress 4.2.35
4.2.6
Fixed in WordPress 4.2.35
4.2.5
Fixed in WordPress 4.2.35
4.2.4
Fixed in WordPress 4.2.35
4.2.3
Fixed in WordPress 4.2.35
4.2.2
Fixed in WordPress 4.2.35
4.2.1
Fixed in WordPress 4.2.35
4.2
Fixed in WordPress 4.2.35
4.1.37
Fixed in WordPress 4.1.38
4.1.36
Fixed in WordPress 4.1.38
4.1.35
Fixed in WordPress 4.1.38
4.1.34
Fixed in WordPress 4.1.38
4.1.33
Fixed in WordPress 4.1.38
4.1.32
Fixed in WordPress 4.1.38
4.1.31
Fixed in WordPress 4.1.38
4.1.30
Fixed in WordPress 4.1.38
4.1.29
Fixed in WordPress 4.1.38
4.1.28
Fixed in WordPress 4.1.38
4.1.27
Fixed in WordPress 4.1.38
4.1.26
Fixed in WordPress 4.1.38
4.1.25
Fixed in WordPress 4.1.38
4.1.24
Fixed in WordPress 4.1.38
4.1.23
Fixed in WordPress 4.1.38
4.1.22
Fixed in WordPress 4.1.38
4.1.21
Fixed in WordPress 4.1.38
4.1.20
Fixed in WordPress 4.1.38
4.1.19
Fixed in WordPress 4.1.38
4.1.18
Fixed in WordPress 4.1.38
4.1.17
Fixed in WordPress 4.1.38
4.1.16
Fixed in WordPress 4.1.38
4.1.15
Fixed in WordPress 4.1.38
4.1.14
Fixed in WordPress 4.1.38
4.1.13
Fixed in WordPress 4.1.38
4.1.12
Fixed in WordPress 4.1.38
4.1.11
Fixed in WordPress 4.1.38
4.1.10
Fixed in WordPress 4.1.38
4.1.9
Fixed in WordPress 4.1.38
4.1.8
Fixed in WordPress 4.1.38
4.1.7
Fixed in WordPress 4.1.38
4.1.6
Fixed in WordPress 4.1.38
4.1.5
Fixed in WordPress 4.1.38
4.1.4
Fixed in WordPress 4.1.38
4.1.3
Fixed in WordPress 4.1.38
4.1.2
Fixed in WordPress 4.1.38
4.1.1
Fixed in WordPress 4.1.38
4.1
Fixed in WordPress 4.1.38
5.7.8
Fixed in WordPress 5.7.9
5.7.7
Fixed in WordPress 5.7.9
5.7.6
Fixed in WordPress 5.7.9
5.7.5
Fixed in WordPress 5.7.9
5.7.4
Fixed in WordPress 5.7.9
5.7.3
Fixed in WordPress 5.7.9
5.7.2
Fixed in WordPress 5.7.9
5.7.1
Fixed in WordPress 5.7.9
5.7
Fixed in WordPress 5.7.9

References

URL
https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.5 (medium)

Miscellaneous

Original Researcher
Third-party auditor
Verified
Yes
WPVDB ID
1527ebdb-18bc-4f9d-9c20-8d729a628670

Timeline

Publicly Published
2023-05-16 (about 2 years ago)
Added
2023-05-17 (about 2 years ago)
Last Updated
2023-05-23 (about 2 years ago)

Other

Published
Title
Published
2024-03-12
Title
HT Mega – Absolute Addons For Elementor < 2.4.5 - Contributor+ Stored Cross-Site Scripting via Post Carousel Widget
Published
2024-06-05
Title
Themesflat Addons For Elementor < 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Tags
Published
2024-07-09
Title
Simple Post Notes < 1.7.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2025-10-21
Title
Simple Tableau Viz <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2024-05-15
Title
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting