Low severity 3.0 · NVD Advisory · Published Jul 30, 2022 · Updated Jun 17, 2026
CVE-2022-33994
Description
The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators.
Affected products
- Gutenberg/Gutenberg plugin (description)
References
- patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/ (nvd: Exploit, Third Party Advisory)
- blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/ (nvd: Third Party Advisory)