Unrated severityNVD Advisory· Published Dec 5, 2022· Updated Apr 24, 2025

CVE-2022-43500

Description

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.

Affected products

osv-coords2 versions
pkg:bitnami/wordpress pkg:bitnami/wordpress-multisite
< 3.7.40+ 1 more
- (no CPE)range: < 3.7.40
- (no CPE)range: < 3.7.40
WordPress.org/WordPressv5
Range: versions prior to 6.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN09409909/index.htmlmitre
wordpress.org/download/mitre
wordpress.org/news/2022/10/wordpress-6-0-3-security-release/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000