Unrated severityNVD Advisory· Published Oct 16, 2024· Updated Apr 8, 2026
WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function
CVE-2022-4973
Description
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.
Affected products
3- osv-coords2 versions
< 3.6.2+ 1 more
- (no CPE)range: < 3.6.2
- (no CPE)range: < 3.6.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- core.trac.wordpress.org/changeset/53961mitre
- wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/mitre
- www.wordfence.com/blog/2022/08/wordpress-core-6-0-2-security-maintenance-release-what-you-need-to-know/mitre
- www.wordfence.com/threat-intel/vulnerabilities/id/b5582e89-83e6-4898-b9fe-09eddeb5f7aemitre
News mentions
0No linked articles in our index yet.