CVE-2022-33994 - OpenCVE

The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gutenberg Project	Gutenberg

Configuration 1 [-]

cpe:2.3:a:gutenberg_project:gutenberg:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/
https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-07-30T19:27:56

Updated: 2024-08-03T08:16:16.108Z

Reserved: 2022-06-19T00:00:00

Link: CVE-2022-33994

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-30T20:15:08.490

Modified: 2022-08-16T14:09:12.943

Link: CVE-2022-33994

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the \"Insert from URL\" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-09T01:28:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/"}, {"tags": ["x_refsource_MISC"], "url": "https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-33994", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the \"Insert from URL\" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/", "refsource": "MISC", "url": "https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/"}, {"name": "https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/", "refsource": "MISC", "url": "https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:16:16.108Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-33994", "datePublished": "2022-07-30T19:27:56", "dateReserved": "2022-06-19T00:00:00", "dateUpdated": "2024-08-03T08:16:16.108Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gutenberg_project:gutenberg:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "22DB944B-7AFF-4F23-8999-B2BBF1518F1E", "versionEndIncluding": "13.7.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the \"Insert from URL\" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators."}, {"lang": "es", "value": "El plugin Gutenberg versiones hasta 13.7.3 para WordPress, permite un ataque de tipo XSS almacenado por el rol de Colaborador por medio de un documento SVG a la funcionalidad \"Insert from URL\". NOTA: la carga \u00fatil de tipo XSS no es ejecutada en el contexto del dominio de la instancia de WordPress; sin embargo, los intentos an\u00e1logos de usuarios poco privilegiados de hacer referencia a documentos SVG son bloqueados por algunos productos similares, y esta diferencia de comportamiento podr\u00eda tener relevancia de seguridad para algunos administradores de sitios de WordPress"}], "id": "CVE-2022-33994", "lastModified": "2022-08-16T14:09:12.943", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-30T20:15:08.490", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}