WordPress < 6.5.5 – Contributor+ Stored XSS in Template-Part Block

Description

WordPress does not properly escape the "tagName" attribute in the "Template Part block" allowing high-privileged users to perform Stored Cross-Site Scripting (XSS) attacks.

Proof of Concept

As a contributor, add a "Template Part" block to a post, click on "Start Blank" and then Create. 

Go into Editor mode and add the following to the wp:template-part block: "tagName":"img src=x onerror=alert(1) title=x"

Affects WordPress

6.5.4

Fixed in WordPress 6.5.5

6.5.3

Fixed in WordPress 6.5.5

6.5.2

Fixed in WordPress 6.5.5

6.5.1

Fixed in WordPress 6.5.5

6.5

Fixed in WordPress 6.5.5

6.4.4

Fixed in WordPress 6.4.5

6.4.3

Fixed in WordPress 6.4.5

6.4.2

Fixed in WordPress 6.4.5

6.4.1

Fixed in WordPress 6.4.5

6.4

Fixed in WordPress 6.4.5

6.3.4

Fixed in WordPress 6.3.5

6.3.3

Fixed in WordPress 6.3.5

6.3.2

Fixed in WordPress 6.3.5

6.3.1

Fixed in WordPress 6.3.5

6.3

Fixed in WordPress 6.3.5

6.2.5

Fixed in WordPress 6.2.6

6.2.4

Fixed in WordPress 6.2.6

6.2.3

Fixed in WordPress 6.2.6

6.2.2

Fixed in WordPress 6.2.6

6.2.1

Fixed in WordPress 6.2.6

6.2

Fixed in WordPress 6.2.6

6.1.6

Fixed in WordPress 6.1.7

6.1.5

Fixed in WordPress 6.1.7

6.1.4

Fixed in WordPress 6.1.7

6.1.3

Fixed in WordPress 6.1.7

6.1.2

Fixed in WordPress 6.1.7

6.1.1

Fixed in WordPress 6.1.7

6.1

Fixed in WordPress 6.1.7

6.0.8

Fixed in WordPress 6.0.9

6.0.7

Fixed in WordPress 6.0.9

6.0.6

Fixed in WordPress 6.0.9

6.0.5

Fixed in WordPress 6.0.9

6.0.4

Fixed in WordPress 6.0.9

6.0.3

Fixed in WordPress 6.0.9

6.0.2

Fixed in WordPress 6.0.9

6.0.1

Fixed in WordPress 6.0.9

6.0

Fixed in WordPress 6.0.9

5.9.9

Fixed in WordPress 5.9.10

5.9.8

Fixed in WordPress 5.9.10

5.9.7

Fixed in WordPress 5.9.10

5.9.6

Fixed in WordPress 5.9.10

5.9.5

Fixed in WordPress 5.9.10

5.9.4

Fixed in WordPress 5.9.10

5.9.3

Fixed in WordPress 5.9.10

5.9.2

Fixed in WordPress 5.9.10

5.9.1

Fixed in WordPress 5.9.10

5.9

Fixed in WordPress 5.9.10

5.8.9

Fixed in WordPress 5.8.10

5.8.8

Fixed in WordPress 5.8.10

5.8.7

Fixed in WordPress 5.8.10

5.8.6

Fixed in WordPress 5.8.10

5.8.5

Fixed in WordPress 5.8.10

5.8.4

Fixed in WordPress 5.8.10

5.8.3

Fixed in WordPress 5.8.10

5.8.2

Fixed in WordPress 5.8.10

5.8.1

Fixed in WordPress 5.8.10

5.8

Fixed in WordPress 5.8.10

5.7.11

Fixed in WordPress 5.7.12

5.7.10

Fixed in WordPress 5.7.12

5.7.9

Fixed in WordPress 5.7.12

5.7.8

Fixed in WordPress 5.7.12

5.7.7

Fixed in WordPress 5.7.12

5.7.6

Fixed in WordPress 5.7.12

5.7.5

Fixed in WordPress 5.7.12

5.7.4

Fixed in WordPress 5.7.12

5.7.3

Fixed in WordPress 5.7.12

5.7.2

Fixed in WordPress 5.7.12

5.7.1

Fixed in WordPress 5.7.12

5.7

Fixed in WordPress 5.7.12

5.6.13

Fixed in WordPress 5.6.14

5.6.12

Fixed in WordPress 5.6.14

5.6.11

Fixed in WordPress 5.6.14

5.6.10

Fixed in WordPress 5.6.14

5.6.9

Fixed in WordPress 5.6.14

5.6.8

Fixed in WordPress 5.6.14

5.6.7

Fixed in WordPress 5.6.14

5.6.6

Fixed in WordPress 5.6.14

5.6.5

Fixed in WordPress 5.6.14

5.6.4

Fixed in WordPress 5.6.14

5.6.3

Fixed in WordPress 5.6.14

5.6.2

Fixed in WordPress 5.6.14

5.6.1

Fixed in WordPress 5.6.14

5.6

Fixed in WordPress 5.6.14

5.5.14

Fixed in WordPress 5.5.15

5.5.13

Fixed in WordPress 5.5.15

5.5.12

Fixed in WordPress 5.5.15

5.5.11

Fixed in WordPress 5.5.15

5.5.10

Fixed in WordPress 5.5.15

5.5.9

Fixed in WordPress 5.5.15

5.5.8

Fixed in WordPress 5.5.15

5.5.7

Fixed in WordPress 5.5.15

5.5.6

Fixed in WordPress 5.5.15

5.5.5

Fixed in WordPress 5.5.15

5.5.4

Fixed in WordPress 5.5.15

5.5.3

Fixed in WordPress 5.5.15

5.5.2

Fixed in WordPress 5.5.15

5.5.1

Fixed in WordPress 5.5.15

5.5

Fixed in WordPress 5.5.15

5.4.15

Fixed in WordPress 5.4.16

5.4.14

Fixed in WordPress 5.4.16

5.4.13

Fixed in WordPress 5.4.16

5.4.12

Fixed in WordPress 5.4.16

5.4.11

Fixed in WordPress 5.4.16

5.4.10

Fixed in WordPress 5.4.16

5.4.9

Fixed in WordPress 5.4.16

5.4.8

Fixed in WordPress 5.4.16

5.4.7

Fixed in WordPress 5.4.16

5.4.6

Fixed in WordPress 5.4.16

5.4.5

Fixed in WordPress 5.4.16

5.4.4

Fixed in WordPress 5.4.16

5.4.3

Fixed in WordPress 5.4.16

5.4.2

Fixed in WordPress 5.4.16

5.4.1

Fixed in WordPress 5.4.16

5.4

Fixed in WordPress 5.4.16

5.3.17

Fixed in WordPress 5.3.18

5.3.16

Fixed in WordPress 5.3.18

5.3.15

Fixed in WordPress 5.3.18

5.3.14

Fixed in WordPress 5.3.18

5.3.13

Fixed in WordPress 5.3.18

5.3.12

Fixed in WordPress 5.3.18

5.3.11

Fixed in WordPress 5.3.18

5.3.10

Fixed in WordPress 5.3.18

5.3.9

Fixed in WordPress 5.3.18

5.3.8

Fixed in WordPress 5.3.18

5.3.7

Fixed in WordPress 5.3.18

5.3.6

Fixed in WordPress 5.3.18

5.3.5

Fixed in WordPress 5.3.18

5.3.4

Fixed in WordPress 5.3.18

5.3.3

Fixed in WordPress 5.3.18

5.3.2

Fixed in WordPress 5.3.18

5.3.1

Fixed in WordPress 5.3.18

5.3

Fixed in WordPress 5.3.18

5.2.20

Fixed in WordPress 5.2.21

5.2.19

Fixed in WordPress 5.2.21

5.2.18

Fixed in WordPress 5.2.21

5.2.17

Fixed in WordPress 5.2.21

5.2.16

Fixed in WordPress 5.2.21

5.2.15

Fixed in WordPress 5.2.21

5.2.14

Fixed in WordPress 5.2.21

5.2.13

Fixed in WordPress 5.2.21

5.2.12

Fixed in WordPress 5.2.21

5.2.11

Fixed in WordPress 5.2.21

5.2.10

Fixed in WordPress 5.2.21

5.2.9

Fixed in WordPress 5.2.21

5.2.8

Fixed in WordPress 5.2.21

5.2.7

Fixed in WordPress 5.2.21

5.2.6

Fixed in WordPress 5.2.21

5.2.5

Fixed in WordPress 5.2.21

5.2.4

Fixed in WordPress 5.2.21

5.2.3

Fixed in WordPress 5.2.21

5.2.2

Fixed in WordPress 5.2.21

5.2.1

Fixed in WordPress 5.2.21

5.2

Fixed in WordPress 5.2.21

5.1.18

Fixed in WordPress 5.1.19

5.1.17

Fixed in WordPress 5.1.19

5.1.16

Fixed in WordPress 5.1.19

5.1.15

Fixed in WordPress 5.1.19

5.1.14

Fixed in WordPress 5.1.19

5.1.13

Fixed in WordPress 5.1.19

5.1.12

Fixed in WordPress 5.1.19

5.1.11

Fixed in WordPress 5.1.19

5.1.10

Fixed in WordPress 5.1.19

5.1.9

Fixed in WordPress 5.1.19

5.1.8

Fixed in WordPress 5.1.19

5.1.7

Fixed in WordPress 5.1.19

5.1.6

Fixed in WordPress 5.1.19

5.1.5

Fixed in WordPress 5.1.19

5.1.4

Fixed in WordPress 5.1.19

5.1.3

Fixed in WordPress 5.1.19

5.1.2

Fixed in WordPress 5.1.19

5.1.1

Fixed in WordPress 5.1.19

5.1

Fixed in WordPress 5.1.19

5.0.21

Fixed in WordPress 5.0.22

5.0.20

Fixed in WordPress 5.0.22

5.0.19

Fixed in WordPress 5.0.22

5.0.18

Fixed in WordPress 5.0.22

5.0.17

Fixed in WordPress 5.0.22

5.0.16

Fixed in WordPress 5.0.22

5.0.15

Fixed in WordPress 5.0.22

5.0.14

Fixed in WordPress 5.0.22

5.0.13

Fixed in WordPress 5.0.22

5.0.12

Fixed in WordPress 5.0.22

5.0.11

Fixed in WordPress 5.0.22

5.0.10

Fixed in WordPress 5.0.22

5.0.9

Fixed in WordPress 5.0.22

5.0.8

Fixed in WordPress 5.0.22

5.0.7

Fixed in WordPress 5.0.22

5.0.6

Fixed in WordPress 5.0.22

5.0.5

Fixed in WordPress 5.0.22

5.0.4

Fixed in WordPress 5.0.22

5.0.3

Fixed in WordPress 5.0.22

5.0.2

Fixed in WordPress 5.0.22

5.0.1

Fixed in WordPress 5.0.22

5.0

Fixed in WordPress 5.0.22

4.9.25

Fixed in WordPress 4.9.26

4.9.24

Fixed in WordPress 4.9.26

4.9.23

Fixed in WordPress 4.9.26

4.9.22

Fixed in WordPress 4.9.26

4.9.21

Fixed in WordPress 4.9.26

4.9.20

Fixed in WordPress 4.9.26

4.9.19

Fixed in WordPress 4.9.26

4.9.18

Fixed in WordPress 4.9.26

4.9.17

Fixed in WordPress 4.9.26

4.9.16

Fixed in WordPress 4.9.26

4.9.15

Fixed in WordPress 4.9.26

4.9.14

Fixed in WordPress 4.9.26

4.9.13

Fixed in WordPress 4.9.26

4.9.12

Fixed in WordPress 4.9.26

4.9.11

Fixed in WordPress 4.9.26

4.9.10

Fixed in WordPress 4.9.26

4.9.9

Fixed in WordPress 4.9.26

4.9.8

Fixed in WordPress 4.9.26

4.9.7

Fixed in WordPress 4.9.26

4.9.6

Fixed in WordPress 4.9.26

4.9.5

Fixed in WordPress 4.9.26

4.9.4

Fixed in WordPress 4.9.26

4.9.3

Fixed in WordPress 4.9.26

4.9.2

Fixed in WordPress 4.9.26

4.9.1

Fixed in WordPress 4.9.26

4.9

Fixed in WordPress 4.9.26

4.8.24

Fixed in WordPress 4.8.25

4.8.23

Fixed in WordPress 4.8.25

4.8.22

Fixed in WordPress 4.8.25

4.8.21

Fixed in WordPress 4.8.25

4.8.20

Fixed in WordPress 4.8.25

4.8.19

Fixed in WordPress 4.8.25

4.8.18

Fixed in WordPress 4.8.25

4.8.17

Fixed in WordPress 4.8.25

4.8.16

Fixed in WordPress 4.8.25

4.8.15

Fixed in WordPress 4.8.25

4.8.14

Fixed in WordPress 4.8.25

4.8.13

Fixed in WordPress 4.8.25

4.8.12

Fixed in WordPress 4.8.25

4.8.11

Fixed in WordPress 4.8.25

4.8.10

Fixed in WordPress 4.8.25

4.8.9

Fixed in WordPress 4.8.25

4.8.8

Fixed in WordPress 4.8.25

4.8.7

Fixed in WordPress 4.8.25

4.8.6

Fixed in WordPress 4.8.25

4.8.5

Fixed in WordPress 4.8.25

4.8.4

Fixed in WordPress 4.8.25

4.8.3

Fixed in WordPress 4.8.25

4.8.2

Fixed in WordPress 4.8.25

4.8.1

Fixed in WordPress 4.8.25

4.8

Fixed in WordPress 4.8.25

4.7.28

Fixed in WordPress 4.7.29

4.7.27

Fixed in WordPress 4.7.29

4.7.26

Fixed in WordPress 4.7.29

4.7.25

Fixed in WordPress 4.7.29

4.7.24

Fixed in WordPress 4.7.29

4.7.23

Fixed in WordPress 4.7.29

4.7.22

Fixed in WordPress 4.7.29

4.7.21

Fixed in WordPress 4.7.29

4.7.20

Fixed in WordPress 4.7.29

4.7.19

Fixed in WordPress 4.7.29

4.7.18

Fixed in WordPress 4.7.29

4.7.17

Fixed in WordPress 4.7.29

4.7.16

Fixed in WordPress 4.7.29

4.7.15

Fixed in WordPress 4.7.29

4.7.14

Fixed in WordPress 4.7.29

4.7.13

Fixed in WordPress 4.7.29

4.7.12

Fixed in WordPress 4.7.29

4.7.11

Fixed in WordPress 4.7.29

4.7.10

Fixed in WordPress 4.7.29

4.7.9

Fixed in WordPress 4.7.29

4.7.8

Fixed in WordPress 4.7.29

4.7.7

Fixed in WordPress 4.7.29

4.7.6

Fixed in WordPress 4.7.29

4.7.5

Fixed in WordPress 4.7.29

4.7.4

Fixed in WordPress 4.7.29

4.7.3

Fixed in WordPress 4.7.29

4.7.2

Fixed in WordPress 4.7.29

4.7.1

Fixed in WordPress 4.7.29

4.7

Fixed in WordPress 4.7.29

4.6.28

Fixed in WordPress 4.6.29

4.6.27

Fixed in WordPress 4.6.29

4.6.26

Fixed in WordPress 4.6.29

4.6.25

Fixed in WordPress 4.6.29

4.6.24

Fixed in WordPress 4.6.29

4.6.23

Fixed in WordPress 4.6.29

4.6.22

Fixed in WordPress 4.6.29

4.6.21

Fixed in WordPress 4.6.29

4.6.20

Fixed in WordPress 4.6.29

4.6.19

Fixed in WordPress 4.6.29

4.6.18

Fixed in WordPress 4.6.29

4.6.17

Fixed in WordPress 4.6.29

4.6.16

Fixed in WordPress 4.6.29

4.6.15

Fixed in WordPress 4.6.29

4.6.14

Fixed in WordPress 4.6.29

4.6.13

Fixed in WordPress 4.6.29

4.6.12

Fixed in WordPress 4.6.29

4.6.11

Fixed in WordPress 4.6.29

4.6.10

Fixed in WordPress 4.6.29

4.6.9

Fixed in WordPress 4.6.29

4.6.8

Fixed in WordPress 4.6.29

4.6.7

Fixed in WordPress 4.6.29

4.6.6

Fixed in WordPress 4.6.29

4.6.5

Fixed in WordPress 4.6.29

4.6.4

Fixed in WordPress 4.6.29

4.6.3

Fixed in WordPress 4.6.29

4.6.2

Fixed in WordPress 4.6.29

4.6.1

Fixed in WordPress 4.6.29

4.6

Fixed in WordPress 4.6.29

4.5.31

Fixed in WordPress 4.5.32

4.5.30

Fixed in WordPress 4.5.32

4.5.29

Fixed in WordPress 4.5.32

4.5.28

Fixed in WordPress 4.5.32

4.5.27

Fixed in WordPress 4.5.32

4.5.26

Fixed in WordPress 4.5.32

4.5.25

Fixed in WordPress 4.5.32

4.5.24

Fixed in WordPress 4.5.32

4.5.23

Fixed in WordPress 4.5.32

4.5.22

Fixed in WordPress 4.5.32

4.5.21

Fixed in WordPress 4.5.32

4.5.20

Fixed in WordPress 4.5.32

4.5.19

Fixed in WordPress 4.5.32

4.5.18

Fixed in WordPress 4.5.32

4.5.17

Fixed in WordPress 4.5.32

4.5.16

Fixed in WordPress 4.5.32

4.5.15

Fixed in WordPress 4.5.32

4.5.14

Fixed in WordPress 4.5.32

4.5.13

Fixed in WordPress 4.5.32

4.5.12

Fixed in WordPress 4.5.32

4.5.11

Fixed in WordPress 4.5.32

4.5.10

Fixed in WordPress 4.5.32

4.5.9

Fixed in WordPress 4.5.32

4.5.8

Fixed in WordPress 4.5.32

4.5.7

Fixed in WordPress 4.5.32

4.5.6

Fixed in WordPress 4.5.32

4.5.5

Fixed in WordPress 4.5.32

4.5.4

Fixed in WordPress 4.5.32

4.5.3

Fixed in WordPress 4.5.32

4.5.2

Fixed in WordPress 4.5.32

4.5.1

Fixed in WordPress 4.5.32

4.5

Fixed in WordPress 4.5.32

4.4.32

Fixed in WordPress 4.4.33

4.4.31

Fixed in WordPress 4.4.33

4.4.30

Fixed in WordPress 4.4.33

4.4.29

Fixed in WordPress 4.4.33

4.4.28

Fixed in WordPress 4.4.33

4.4.27

Fixed in WordPress 4.4.33

4.4.26

Fixed in WordPress 4.4.33

4.4.25

Fixed in WordPress 4.4.33

4.4.24

Fixed in WordPress 4.4.33

4.4.23

Fixed in WordPress 4.4.33

4.4.22

Fixed in WordPress 4.4.33

4.4.21

Fixed in WordPress 4.4.33

4.4.20

Fixed in WordPress 4.4.33

4.4.19

Fixed in WordPress 4.4.33

4.4.18

Fixed in WordPress 4.4.33

4.4.17

Fixed in WordPress 4.4.33

4.4.16

Fixed in WordPress 4.4.33

4.4.15

Fixed in WordPress 4.4.33

4.4.14

Fixed in WordPress 4.4.33

4.4.13

Fixed in WordPress 4.4.33

4.4.12

Fixed in WordPress 4.4.33

4.4.11

Fixed in WordPress 4.4.33

4.4.10

Fixed in WordPress 4.4.33

4.4.9

Fixed in WordPress 4.4.33

4.4.8

Fixed in WordPress 4.4.33

4.4.7

Fixed in WordPress 4.4.33

4.4.6

Fixed in WordPress 4.4.33

4.4.5

Fixed in WordPress 4.4.33

4.4.4

Fixed in WordPress 4.4.33

4.4.3

Fixed in WordPress 4.4.33

4.4.2

Fixed in WordPress 4.4.33

4.4.1

Fixed in WordPress 4.4.33

4.4

Fixed in WordPress 4.4.33

4.3.33

Fixed in WordPress 4.3.34

4.3.32

Fixed in WordPress 4.3.34

4.3.31

Fixed in WordPress 4.3.34

4.3.30

Fixed in WordPress 4.3.34

4.3.29

Fixed in WordPress 4.3.34

4.3.28

Fixed in WordPress 4.3.34

4.3.27

Fixed in WordPress 4.3.34

4.3.26

Fixed in WordPress 4.3.34

4.3.25

Fixed in WordPress 4.3.34

4.3.24

Fixed in WordPress 4.3.34

4.3.23

Fixed in WordPress 4.3.34

4.3.22

Fixed in WordPress 4.3.34

4.3.21

Fixed in WordPress 4.3.34

4.3.20

Fixed in WordPress 4.3.34

4.3.19

Fixed in WordPress 4.3.34

4.3.18

Fixed in WordPress 4.3.34

4.3.17

Fixed in WordPress 4.3.34

4.3.16

Fixed in WordPress 4.3.34

4.3.15

Fixed in WordPress 4.3.34

4.3.14

Fixed in WordPress 4.3.34

4.3.13

Fixed in WordPress 4.3.34

4.3.12

Fixed in WordPress 4.3.34

4.3.11

Fixed in WordPress 4.3.34

4.3.10

Fixed in WordPress 4.3.34

4.3.9

Fixed in WordPress 4.3.34

4.3.8

Fixed in WordPress 4.3.34

4.3.7

Fixed in WordPress 4.3.34

4.3.6

Fixed in WordPress 4.3.34

4.3.5

Fixed in WordPress 4.3.34

4.3.4

Fixed in WordPress 4.3.34

4.3.3

Fixed in WordPress 4.3.34

4.3.2

Fixed in WordPress 4.3.34

4.3.1

Fixed in WordPress 4.3.34

4.3

Fixed in WordPress 4.3.34

4.2.37

Fixed in WordPress 4.2.38

4.2.36

Fixed in WordPress 4.2.38

4.2.35

Fixed in WordPress 4.2.38

4.2.34

Fixed in WordPress 4.2.38

4.2.33

Fixed in WordPress 4.2.38

4.2.32

Fixed in WordPress 4.2.38

4.2.31

Fixed in WordPress 4.2.38

4.2.30

Fixed in WordPress 4.2.38

4.2.29

Fixed in WordPress 4.2.38

4.2.28

Fixed in WordPress 4.2.38

4.2.27

Fixed in WordPress 4.2.38

4.2.26

Fixed in WordPress 4.2.38

4.2.25

Fixed in WordPress 4.2.38

4.2.24

Fixed in WordPress 4.2.38

4.2.23

Fixed in WordPress 4.2.38

4.2.22

Fixed in WordPress 4.2.38

4.2.21

Fixed in WordPress 4.2.38

4.2.20

Fixed in WordPress 4.2.38

4.2.19

Fixed in WordPress 4.2.38

4.2.18

Fixed in WordPress 4.2.38

4.2.17

Fixed in WordPress 4.2.38

4.2.16

Fixed in WordPress 4.2.38

4.2.15

Fixed in WordPress 4.2.38

4.2.14

Fixed in WordPress 4.2.38

4.2.13

Fixed in WordPress 4.2.38

4.2.12

Fixed in WordPress 4.2.38

4.2.11

Fixed in WordPress 4.2.38

4.2.10

Fixed in WordPress 4.2.38

4.2.9

Fixed in WordPress 4.2.38

4.2.8

Fixed in WordPress 4.2.38

4.2.7

Fixed in WordPress 4.2.38

4.2.6

Fixed in WordPress 4.2.38

4.2.5

Fixed in WordPress 4.2.38

4.2.4

Fixed in WordPress 4.2.38

4.2.3

Fixed in WordPress 4.2.38

4.2.2

Fixed in WordPress 4.2.38

4.2.1

Fixed in WordPress 4.2.38

4.2

Fixed in WordPress 4.2.38

4.1.40

Fixed in WordPress 4.1.41

4.1.39

Fixed in WordPress 4.1.41

4.1.38

Fixed in WordPress 4.1.41

4.1.37

Fixed in WordPress 4.1.41

4.1.36

Fixed in WordPress 4.1.41

4.1.35

Fixed in WordPress 4.1.41

4.1.34

Fixed in WordPress 4.1.41

4.1.33

Fixed in WordPress 4.1.41

4.1.32

Fixed in WordPress 4.1.41

4.1.31

Fixed in WordPress 4.1.41

4.1.30

Fixed in WordPress 4.1.41

4.1.29

Fixed in WordPress 4.1.41

4.1.28

Fixed in WordPress 4.1.41

4.1.27

Fixed in WordPress 4.1.41

4.1.26

Fixed in WordPress 4.1.41

4.1.25

Fixed in WordPress 4.1.41

4.1.24

Fixed in WordPress 4.1.41

4.1.23

Fixed in WordPress 4.1.41

4.1.22

Fixed in WordPress 4.1.41

4.1.21

Fixed in WordPress 4.1.41

4.1.20

Fixed in WordPress 4.1.41

4.1.19

Fixed in WordPress 4.1.41

4.1.18

Fixed in WordPress 4.1.41

4.1.17

Fixed in WordPress 4.1.41

4.1.16

Fixed in WordPress 4.1.41

4.1.15

Fixed in WordPress 4.1.41

4.1.14

Fixed in WordPress 4.1.41

4.1.13

Fixed in WordPress 4.1.41

4.1.12

Fixed in WordPress 4.1.41

4.1.11

Fixed in WordPress 4.1.41

4.1.10

Fixed in WordPress 4.1.41

4.1.9

Fixed in WordPress 4.1.41

4.1.8

Fixed in WordPress 4.1.41

4.1.7

Fixed in WordPress 4.1.41

4.1.6

Fixed in WordPress 4.1.41

4.1.5

Fixed in WordPress 4.1.41

4.1.4

Fixed in WordPress 4.1.41

4.1.3

Fixed in WordPress 4.1.41

4.1.2

Fixed in WordPress 4.1.41

4.1.1

Fixed in WordPress 4.1.41

4.1

Fixed in WordPress 4.1.41

References

URL

https://wordpress.org/news/2024/06/wordpress-6-5-5/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.9 (medium)

Miscellaneous

Original Researcher

Rafie Muhammad

Verified

Yes

WPVDB ID

7c448f6d-4531-4757-bff0-be9e3220bbbb

Timeline

Publicly Published

2024-06-24 (about 1 year ago)

Added

2024-06-25 (about 1 year ago)

Last Updated

2024-06-25 (about 1 year ago)

Other

Published

Title

Published

2023-12-27

Title

WP Review Slider < 12.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2023-10-12

Title

Amministrazione Trasparente < 8.0.5 - Admin+ Stored XSS

Published

2023-01-06

Title

WP Tabs < 2.1.17 - Contributor+ Stored XSS

Published

2025-01-16

Title

Easy Portfolio <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2014-08-01

Title

Accept Signups 0.1 - XSS