WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WordPress < 5.9.2 / Gutenberg < 12.7.2 - Prototype Pollution via Gutenberg’s wordpress/url package

Description

The @wordpress/url package used in WordPress and the Gutenberg plugin is affected by a Prototype Pollution issue

Affects WordPress

5.9.1
Fixed in version 5.9.2
5.9
Fixed in version 5.9.2
5.8.3
Fixed in version 5.8.4
5.8.2
Fixed in version 5.8.4
5.8.1
Fixed in version 5.8.4
5.8
Fixed in version 5.8.4
5.7.5
Fixed in version 5.7.6
5.7.4
Fixed in version 5.7.6
5.7.3
Fixed in version 5.7.6
5.7.2
Fixed in version 5.7.6

Affects Plugins

gutenberg
Fixed in version 12.7.2

References

URL
https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/
URL
https://github.com/WordPress/gutenberg/pull/39365/files

Classification

Type

UNKNOWN

Miscellaneous

Verified

Yes

WPVDB ID
6e61b246-5af1-4a4f-9ca8-a8c87eb2e499

Timeline

Publicly Published

2022-03-11 (about 2 months ago)

Added

2022-03-11 (about 2 months ago)

Last Updated

2022-04-17 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin