CVE-2024-6307 in WordPressИнформация

Сводка

по MITRE • 25.06.2024

WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Ответственный

Wordfence

Раскрытие

25.06.2024

Модерация

принято

Вход

VDB-269619

EPSS

0.00467

KEV

Нет

Деятельности

Очень низкий

Источники

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!