Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38000", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-07-11T12:50:13.630Z", "datePublished": "2023-10-13T09:55:54.690Z", "dateUpdated": "2024-08-02T17:23:27.829Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WordPress", "vendor": "WordPress.org", "versions": [{"changes": [{"at": "6.3.2", "status": "unaffected"}], "lessThanOrEqual": "6.3.1", "status": "affected", "version": "6.3", "versionType": "custom"}, {"changes": [{"at": "6.2.3", "status": "unaffected"}], "lessThanOrEqual": "6.2.2", "status": "affected", "version": "6.2", "versionType": "custom"}, {"changes": [{"at": "6.1.4", "status": "unaffected"}], "lessThanOrEqual": "6.1.3", "status": "affected", "version": "6.1", "versionType": "custom"}, {"changes": [{"at": "6.0.6", "status": "unaffected"}], "lessThanOrEqual": "6.0.5", "status": "affected", "version": "6.0", "versionType": "custom"}, {"changes": [{"at": "5.9.8", "status": "unaffected"}], "lessThanOrEqual": "5.9.7", "status": "affected", "version": "5.9", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "gutenberg", "product": "Gutenberg", "vendor": "Gutenberg Team", "versions": [{"changes": [{"at": "16.8.1", "status": "unaffected"}], "lessThanOrEqual": "16.8.0", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Rafie Muhammad (Patchstack)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Edouard Lamoine (Patchstack)"}], "datePublic": "2023-10-13T05:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core <span style=\"background-color: var(--wht);\">6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.</span>"}], "value": "Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core\u00a06.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-10-13T10:34:00.870Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-16-8-0-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update WordPress core to the 6.3.2, 6.2.3, 6.1.4, 6.0.6, 5.9.8 or a higher version."}], "value": "Update WordPress core to the 6.3.2,\u00a06.2.3,\u00a06.1.4,\u00a06.0.6,\u00a05.9.8 or a higher version."}, {"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update Gutenberg to 16.8.1 or a higher version."}], "value": "Update\u00a0Gutenberg to\u00a016.8.1 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:23:27.829Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-16-8-0-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve"}]}]}}